Cloudflare Zero Trust for WordPress
A secure WordPress authentication plugin that integrates Cloudflare Zero Trust OIDC (OpenID Connect) into your WordPress login system. Supports both SaaS and Self-hosted applications with enterprise-grade security.
Key Features
Leverages Cloudflare's Zero Trust security model with OIDC authentication for robust protection
Supports both SaaS and self-hosted Cloudflare applications with easy setup
Works alongside WordPress's native login system without replacing it
Creates WordPress accounts automatically for authenticated users
Installation
- Download the latest release from GitHub
- Navigate to Plugins → Add New → Upload Plugin
- Choose the downloaded ZIP file
- Click Install Now and then Activate
- Extract the ZIP file
- Upload the folder to
/wp-content/plugins/ - Activate the plugin from the WordPress admin panel
Configuration
Cloudflare Setup
Navigate to Cloudflare Zero Trust → Access → Applications
- Click Add an Application
- Choose either SaaS or Self-hosted
- Configure your application settings
Redirect URLs:
https://yourdomain.com/wp-admin/admin-ajax.php?action=cloudflare_zt_callbackSave your Client ID and Client Secret for the WordPress configuration
Navigate to Settings → Cloudflare ZT Login and configure:
- Team Domain: your-team.cloudflareaccess.com
- Client ID: From Cloudflare Application
- Client Secret: From Cloudflare Application
- Application Type: SaaS or Self-hosted
Usage
- Navigate to your WordPress login page
- Click the "Login with Cloudflare" button
- Complete authentication via Cloudflare Zero Trust
- You'll be redirected back to WordPress and logged in automatically
If this is your first login, the plugin will automatically create a WordPress account using your email address from Cloudflare. New users are assigned the Subscriber role by default.
Requirements
5.0+
7.4+
Required
Support & Resources
This plugin is open source and available under the MIT License