WordPress User Sync

In the case a synchronization is done from a master site to a sub site, does the user need to login into the sub site or can be setup a link on the master site redirecting to the subsite and authenticating him automatically (like SSO)?

    Adam Czajczyk

    Hello Andre,

    I hope you're well today and thank you for your question!

    The "WordPress User Sync" plugin doesn't provide SSO-like feature. I think this can be done but it would require some custom development. If both sites were running over SSL connection (to provide security of a transfer of sensitive data such as logins and passwords) you could create a script/plugin that would automatically login user to other site. This would work assuming that both user login and password are the same on both installs (and with User Sync plugin they should be).

    I don't have such a script ready to use at hand though and creating it would be a bit outside the scope of this forum. You may then want to post a question about custom development on our "Jobs & Pros" job board (please note: no WPMU DEV staff involved!) here:

    https://premium.wpmudev.org/wordpress-development/

    I'm sure one of friendly developers there will be able to help you there!

    Best regards,
    Adam

    Andre

    Hi Adam,

    The problem is that after synchronization, the user will have to login again on the "sub site". It's not a problem, but I'd like to "redirect and login" them automatically if they are logged in the master site, because they don't know about sync and it should be transparent for them. It does not need to be a SSO-like feature, because my sites are not running over SSL. They are different installs and different domains.

    I hope you can show me a light at the end of the tunnel...

    Regards,

    Adam Czajczyk

    Hello Andre!

    I think I wasn't precise enough and this may caused some confusion

    If you wish users that are logged in to one WordPress install to be automatically logged in into another (separate) WordPress install you will need a custom script for this. Assuming that the basic condition of users having the same login and password on both sites is met (and it is thanks to User Sync plugin) the script will have to pass that login data into that other site.

    There are two theoretically possible ways to do this and both are not really secure - that's why I suggested securing sites with SSL. First way would be to "intercept" user login and password at the moment user is logging into the site and then make user switch to other site via a special form that would send that login and password to the login form on other site.

    This is extremely insecure as it involves intercepting sensitive user data and also sending them over the web in an unencrypted way.

    Another option would be to operate directly on WP database (so encrypted passwords) and WP login cookies. That's a bit more difficult to achieve but could be slightly less insecure.

    Both these solution would require custom coded script (in a form of a plugin preferably) and creating such a script is beyond the scope of this forum. In case you'd like to give coding a try yourself, I'll be happy to review your code and/or give you more tips on this if necessary. If you however need some professional help from a developer, you may want to post a question on our "Jobs & Pros" job board (please note: no WPMU DEV staff involved!) here:

    https://premium.wpmudev.org/wordpress-development/

    Best regards,
    Adam