🔐 Overview
WordPress Single Sign-On, or SSO, allows members to access your WordPress website from Member365 without managing a separate WordPress password.
Once configured, members can click a Login to WordPress button from the member portal and be securely directed into WordPress using their Member365 account.
✅ Before You Begin
You will need:
- A Member365 account with WordPress SSO enabled
- A WordPress website using HTTPS
- WordPress administrator access
- Matching email addresses between Member365 and WordPress user accounts
- Access to install a WordPress plugin or add a code snippet
If you do not see WordPress SSO settings in Member365, contact Member365 Support.
Step 1. Configure WordPress SSO in Member365
Access the WordPress SSO settings
- Log in to your Member365 admin panel.
- Go to:
Admin Panel → Options → WordPress SSO
You may also access the configuration page directly at:
/jwt/wordpress_sso/config
Add your WordPress site
- Select Add WordPress SSO.
- Enter your WordPress Site URL.
Your WordPress URL must begin with:
https://
Example:
https://yourwebsite.com
- Choose the default WordPress role for new users.
For most organizations, Subscriber is recommended.
- Choose whether WordPress accounts should be created automatically when no matching email address exists.
For the smoothest member experience, enable automatic account creation.
- Confirm that Enable WordPress SSO is checked.
- Save the configuration.
Step 2. Copy and Store the Secret Key
After saving the configuration, Member365 will display a Secret Key.
This key connects Member365 and WordPress securely.
Important
- Treat the secret key like a password.
- Do not share it publicly.
- Store it securely.
- If you believe it has been exposed, regenerate the key and update your WordPress setup.
Step 3. Install the SSO Code in WordPress
There are two common installation options.
Option A. Use the Code Snippets plugin
This is the recommended option for most administrators.
- Log in to WordPress.
- Go to Plugins → Add New.
- Search for Code Snippets.
- Install and activate the plugin.
- Go to Snippets → Add New.
- Name the snippet:
Member365 SSO Integration
- Paste the complete SSO code copied from Member365.
- Select Run snippet everywhere.
- Save and activate the snippet.
- Visit your WordPress homepage to confirm the site loads normally.
Option B. Install as a WordPress plugin
Use this option if you prefer a standalone plugin file.
- Download the plugin file from Member365.
- Open the file in a text editor.
- Locate the secret key placeholder.
- Replace it with the secret key from Member365.
- Save the file.
- In WordPress, go to Plugins → Add New → Upload Plugin.
- Upload the plugin file.
- Install and activate it.
Step 4. Add the Login Button to the Member Portal
Copy the widget code
In the Member365 WordPress SSO configuration area, copy the widget embed code.
It will look similar to this:
<div class="wordpress-sso-widget" data-config-id="1"></div>
Add the widget to a portal page
- Open the page where the button should appear.
- Switch the editor to Source or HTML mode.
- Paste the widget code where the button should appear.
- Save the page.
- Refresh the member portal page.
The Login to WordPress button should now appear.
Important
The widget code must be added in Source or HTML mode. If it is pasted into the visual editor, it may not work correctly.
Step 5. Test the SSO Flow
Before making the feature available to all members, test it with a known user.
Test user requirements
The test user should have:
- A Member365 user account
- A WordPress user account, unless automatic account creation is enabled
- The exact same email address in both systems
Test steps
- Log in to Member365 as the test user.
- Go to the portal page with the WordPress login button.
- Click Login to WordPress.
- Confirm the user is logged in to WordPress.
- Check the WordPress SSO configuration area in Member365 for recent login activity.
Troubleshooting
The Login to WordPress button does not appear
Check that:
- WordPress SSO is enabled in Member365
- The widget code was pasted in Source or HTML mode
- The page was saved and refreshed
- The button was added to a member portal page
The user sees “No WordPress account found”
This usually means the user exists in Member365 but not in WordPress.
You can resolve this by either:
- Enabling automatic account creation in the Member365 WordPress SSO settings
- Creating the WordPress account manually using the same email address
The user sees “Invalid or expired SSO token”
Check that:
- The secret key in WordPress matches the secret key in Member365
- The user clicked the login button within the token validity window
- The WordPress SSO code or plugin is still active
The user is redirected to WordPress but not logged in
Check that:
- The WordPress SSO code was installed correctly
- The WordPress plugin or snippet is active
- The WordPress Site URL in Member365 matches the actual site URL
- WordPress is not showing PHP errors
SSO worked before but stopped working
Common causes include:
- The secret key was regenerated in Member365 but not updated in WordPress
- The WordPress snippet or plugin was deactivated
- The WordPress site URL changed
- WordPress updates or security plugins affected the SSO code
Using Multiple WordPress Sites
Member365 can support multiple WordPress SSO configurations.
Each WordPress site should have:
- Its own SSO configuration
- Its own secret key
- Its own widget config ID
- The SSO code installed on that specific WordPress site
Example:
<!-- Main Website -->
<div class="wordpress-sso-widget" data-config-id="1"></div>
<!-- Community Site -->
<div class="wordpress-sso-widget" data-config-id="2"></div>
Go-Live Checklist
Before making WordPress SSO available to members, confirm:
- WordPress SSO is enabled in Member365
- The WordPress site uses HTTPS
- The secret key is stored securely
- The WordPress plugin or snippet is active
- The portal login button appears correctly
- A test user can log in successfully
- Automatic account creation has been tested, if enabled
- Staff know where to direct members for help
Security Notes
To help protect the integration:
- Keep the secret key private
- Use HTTPS for WordPress
- Keep WordPress, plugins, and themes updated
- Use secure WordPress administrator accounts
- Remove or update WordPress access when member or staff roles change
- Regenerate the secret key if you believe it has been exposed
Frequently Asked Questions
Do email addresses need to match?
Yes. The email address in Member365 must match the WordPress user account email address unless automatic account creation is enabled.
Can Member365 create WordPress accounts automatically?
Yes. Enable automatic account creation in the WordPress SSO configuration.
Can I customize the login button?
Yes. Button appearance and error messaging can be adjusted from the WordPress SSO configuration area in Member365.
Can I connect more than one WordPress site?
Yes. Each WordPress site needs its own configuration and secret key.
What happens if the secret key changes?
You must update the WordPress code or plugin with the new secret key. Otherwise, SSO will stop working.
Need Help?
Before contacting support, please confirm:
- The WordPress site URL is correct
- HTTPS is active
- The secret key matches in both systems
- The WordPress plugin or code snippet is active
- The user’s email address matches in both systems
- You have tested with a known user account
When contacting Member365 Support, include:
- Your WordPress website URL
- The exact error message
- Screenshots, if available
- Whether SSO worked previously
- Steps already attempted
Source content provided from the uploaded WordPress SSO setup draft.
Comments
Please sign in to leave a comment.