Skip to content

Adam Greenwell

Social Login

Social Login lets users sign in with Google, Microsoft, or Apple OAuth instead of typing a WordPress password every time. It can appear on the native WordPress login screen and on the Guard Dog frontend login form.

Supported Providers

Provider Requirements Notes
Google OAuth Client ID and Client Secret Uses Google identity scopes for email and profile.
Microsoft Application Client ID and Client Secret Uses a clean callback URL without query strings for Azure compatibility.
Apple Services ID, Team ID, Key ID, and .p8 private key Requires an Apple Developer account.

All providers use this callback URL:

https://yoursite.com/guard-dog/oauth/callback

Use the exact URL shown in Guard Dog -> Authentication -> Social Login. If WordPress is installed in a subdirectory, the displayed URL may include that path.

Enable Social Login

  1. Go to Guard Dog -> Authentication -> Social Login.
  2. Check Enable Social Login.
  3. Enable one or more providers.
  4. Add the provider credentials.
  5. Save settings.
  6. Test in a private browser window.

Buttons only appear when Social Login is globally enabled and at least one provider is enabled and fully configured.

Google Setup

  1. Open Google Cloud Console.
  2. Create or choose a project.
  3. Configure the OAuth consent screen.
  4. Create an OAuth 2.0 Client ID for a web application.
  5. Add the Guard Dog callback URL as an authorized redirect URI.
  6. Copy the Client ID and Client Secret into Guard Dog.
  7. Enable Google in Guard Dog and save.

Use Google when most users already have Gmail or Google Workspace accounts.

Microsoft Setup

  1. Open Microsoft Azure Portal.
  2. Go to App registrations and create an app.
  3. Copy the Application (client) ID.
  4. Create a client secret under Certificates & secrets.
  5. Add the Guard Dog callback URL as a redirect URI.
  6. Copy the Application ID and Client Secret into Guard Dog.
  7. Enable Microsoft in Guard Dog and save.

Microsoft works with personal Microsoft accounts and organizational accounts supported by the Azure app registration.

Apple Setup

Apple setup is fussier, so go slowly. Tiny mistakes here can make sign-in fail in very quiet, very annoying ways.

  1. Open Apple Developer.
  2. Create or choose a Services ID for Sign in with Apple.
  3. Add your domain and return URL.
  4. Use the Guard Dog callback URL as the Return URL.
  5. Copy the Services ID into Guard Dog.
  6. Copy your Apple Team ID into Guard Dog.
  7. Create a Sign in with Apple key and copy the Key ID.
  8. Paste the full .p8 private key contents into Guard Dog.
  9. Enable Apple in Guard Dog and save.

The Apple private key is stored encrypted. If you migrate hosts or change WordPress salts and Apple login starts failing, re-paste the raw .p8 private key and save again.

General Settings

When enabled, Guard Dog links a provider account to an existing WordPress user when the provider email matches the WordPress account email.

Leave this disabled if your site treats email ownership as sensitive or if accounts may share addresses.

Auto-Create Users

When enabled, Guard Dog creates a new WordPress user when a social login succeeds and no matching account exists.

Set the New User Role carefully. For public sites, Subscriber is the usual starting point.

Bypass 2FA

When enabled, a successful social login can bypass Guard Dog two-factor authentication.

Use this only when you trust the provider's account security policy for your users. For admin-heavy sites, keeping 2FA required is usually the safer call.

Where Buttons Appear

Social login buttons can appear on:

  • The native WordPress login screen
  • Your custom login URL screen
  • The Guard Dog frontend login form

For embedded login pages, use:

[guard_dog_login_form show_social_login="true"]

Or add the Guard Dog Login Form block and enable Show social login buttons.

Account Linking

Logged-in users can link and unlink social accounts from their WordPress profile when Social Login is enabled. Linked accounts are stored by provider and provider user ID, so changing a user's WordPress email does not break an already-linked provider account.

Security Notes

  • Guard Dog validates OAuth state tokens and uses single-use state metadata.
  • Provider credentials should never be shared publicly.
  • Apple callbacks use form_post, so Apple setup must use the exact callback URL.
  • Social login records are cleaned up when linked WordPress users are deleted.

Troubleshooting

Buttons do not appear

Check all of these:

  • Social Login is enabled globally.
  • The provider is enabled.
  • Required provider credentials are saved.
  • The provider callback/redirect URL matches the URL shown in Guard Dog.
  • The current login surface allows social buttons.

Provider says redirect URI mismatch

Copy the callback URL from Guard Dog and paste it into the provider configuration exactly. Watch for http vs https, www vs non-www, and subdirectory installs.

Apple login fails after a migration

Re-paste the raw .p8 private key into Guard Dog and save. Encrypted keys depend on the WordPress security salts, so host migrations or salt changes can make an old encrypted key unreadable.

A user gets linked to the wrong account

Disable auto-link by email and unlink the provider account from the user profile. Then have the correct logged-in user link the provider manually.

Social login succeeds but users still get 2FA

Check Bypass 2FA in Social Login settings. If it is disabled, Guard Dog still requires 2FA for accounts that need it.

← Frontend Login Form | Documentation Home | Email Provider Configuration →