Title: Easy Secure Login – Google One Tap & Sign-In Author: ateeqdev Published: 17, Ochobre de 2025 Last modified: 5, Marzu de 2026 --- Guetar plugins ![](https://ps.w.org/easy-secure-login/assets/banner-772x250.jpg?rev=3380232) ![](https://ps.w.org/easy-secure-login/assets/icon-256x256.png?rev=3380232) # Easy Secure Login – Google One Tap & Sign-In By [ateeqdev](https://profiles.wordpress.org/ateeqdev/) [Download](https://downloads.wordpress.org/plugin/easy-secure-login.2.2.1.zip) * [Details](https://ast.wordpress.org/plugins/easy-secure-login/#description) * [Reviews](https://ast.wordpress.org/plugins/easy-secure-login/#reviews) * [Installation](https://ast.wordpress.org/plugins/easy-secure-login/#installation) * [Development](https://ast.wordpress.org/plugins/easy-secure-login/#developers) [Support](https://wordpress.org/support/plugin/easy-secure-login/) ## Description **Easy Secure Login** enhances your site’s security by integrating two powerful Google authentication methods: **Google Sign-In** and **Google One Tap**. It can optionally replace the standard WordPress password system entirely, offering a modern, passwordless login experience. Born out of necessity after a real-world brute-force attack, this plugin was designed with the option to enforce a Google-only login policy, ensuring that **only verified Google accounts can access your site**. It combines robust, Google-powered security with a beautiful user interface, automatic user management, and a step-by-step setup wizard. ### Key Features * **Optional Passwordless Security:** Ability to completely disable standard password logins, forcing all users to authenticate via Google’s secure OAuth 2.0. * **Role-Based Redirects:** Define custom landing pages for different user roles. Redirect subscribers to your homepage or a custom dashboard while keeping admins in wp-admin. * **Google Sign-In Button:** A clean, modern “Continue with Google” button on your login page. * **Google One Tap:** Allows logged-in Google users to sign in instantly with a single click via a non-intrusive pop-up. * **Complete User Management:** Whitelist specific Google accounts and assign roles, or allow open registration for any Google user. * **Google Profile Picture Sync:** Automatically syncs and displays Google profile pictures as user avatars in WordPress. * **Built-in Security Hardening:** - Disable XML-RPC to prevent common attacks. - Disable the plugin and theme file editor. - Hide your WordPress version number. - Restrict REST API access to logged-in users. - Block direct access to sensitive core files. * **User-Friendly Setup Wizard:** A clean, multi-step guide to get your Google Cloud credentials configured in minutes. * **Actively Maintained** for the latest WordPress versions. This plugin provides maximum login security while dramatically improving the user experience. ### External services This plugin uses Google’s Identity Services to provide a secure authentication method( Google Sign-In and Google One Tap). To function, it connects to several Google APIs. * **Service:** Google Identity Services (accounts.google.com) * **Purpose:** This service is used to display the “Sign in with Google” button and the Google One Tap prompt. It handles the user authentication process directly in the user’s browser. * **Data Sent:** This plugin initiates the authentication flow, but user data ( like email and password) is entered directly on Google’s domain, not through this plugin. The plugin only receives a secure authentication token from Google after a successful login. * **Terms and Policies:** - Google Terms of Service: https://policies.google.com/terms - Google Privacy Policy: https://policies.google.com/privacy * **Service:** Google OAuth & People APIs (oauth2.googleapis.com, www.googleapis. com) * **Purpose:** After a user authenticates, the plugin’s server sends the received authentication token/code to these Google APIs to verify its authenticity and retrieve basic user profile information (email, name, profile picture). * **Data Sent:** An authentication token/code provided by Google is sent from your server to Google’s servers for validation. * **Terms and Policies:** - Google APIs Terms of Service: https://developers.google.com/terms ## Screenshots * [[ * [[ * [[ * [[ ## Installation 1. Upload the plugin folder to `/wp-content/plugins/` or install via **Plugins Add New** in WordPress. 2. Activate the plugin through the **Plugins** menu. 3. Go to **Easy Secure Login** in the WordPress admin sidebar to launch the setup wizard. 4. **Follow the setup wizard:** 5. * Create a Google Cloud project and configure OAuth credentials. * Add the “Authorized redirect URIs” and “Authorized JavaScript origins” provided by the wizard to your Google project. * Enter your **Google Client ID** and **Client Secret** into the plugin settings. * Configure **authorized users** or enable public sign-ups with a default role. * Enable optional **Google One Tap** on your homepage. * Review and enable additional **security enhancements**. 6. Test the login flow on your WordPress login page. That’s it! Your site is now enhanced with Google’s secure authentication. ## FAQ ### Does this completely replace WordPress password login? You can choose. By default, the plugin adds Google Sign-In as an alternative to the standard password login. For maximum security, you can enable the “Disable Password Login” option in the plugin’s security settings. When enabled, all password-related functionality is disabled, including the login form, password reset, and standard registration forms. This protects you from brute-force and password-guessing attacks. ### Can I allow only specific users? Yes. In the “Users” step of the wizard, you can build a whitelist of authorized Google email addresses and assign a specific WordPress role to each. ### What if I want to allow any Google user to register? You can enable the **“Allow New User Sign-Ups”** option. Any user who authenticates with a Google account will have an account created for them with your chosen default role (Subscriber is recommended for safety). ### How does Google One Tap work? Google One Tap is automatically enabled on the login page. If a user is already signed into their Google account in their browser, a small pop-up will appear, allowing them to log in to your site with a single click, without ever leaving the page. You can also choose to enable this on your homepage. ### What happens to existing WordPress users? They can log in seamlessly using the Google account that matches their existing WordPress user email address. Their account will be linked automatically. ### Is this plugin compatible with other login or security plugins? Because it can completely replace the core WordPress authentication flow, it may conflict with other plugins that modify the login process (like other social logins, 2FA, or login page customizers) if you enable the “Disable Password Login” option. It is designed to be an all-in-one solution for login security. ### How secure is this? Extremely secure. The entire authentication process is handled by Google’s OAuth 2.0 servers. The plugin uses recommended security practices like `state` tokens for CSRF protection and server-side token verification to ensure all logins are legitimate. ## Reviews ![](https://secure.gravatar.com/avatar/2b336573e1efa94808613598d1ae681a151d782b764854ea0b2e970d2277f668? s=60&d=retro&r=g) ### 󠀁[TOP](https://wordpress.org/support/topic/top-1776/)󠁿 [adreee](https://profiles.wordpress.org/adreee/) 28, Avientu de 2025 Best plugin [ Read all 0 reviews ](https://wordpress.org/support/plugin/easy-secure-login/reviews/) ## Contributors & Developers “Easy Secure Login – Google One Tap & Sign-In” is open source software. The following people have contributed to this plugin. Contributors * [ ateeqdev ](https://profiles.wordpress.org/ateeqdev/) * [ Ateeq ](https://profiles.wordpress.org/hardtoskip/) “Easy Secure Login – Google One Tap & Sign-In” has been translated into 4 locales. Thank you to [the translators](https://translate.wordpress.org/projects/wp-plugins/easy-secure-login/contributors) for their contributions. [Translate “Easy Secure Login – Google One Tap & Sign-In” into your language.](https://translate.wordpress.org/projects/wp-plugins/easy-secure-login) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/easy-secure-login/), check out the [SVN repository](https://plugins.svn.wordpress.org/easy-secure-login/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/easy-secure-login/) by [RSS](https://plugins.trac.wordpress.org/log/easy-secure-login/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 2.2.1 * **Fix:** Resolved a persistent Google OAuth setup notice showing even when valid credentials were already configured. * **Maintenance:** Confirmed removal of development-only `combined_contents.txt` from distributable plugin files. #### 2.2.0 * **Improvement:** Intermediary page on both button as well as one tap signup #### 2.1.9 * **Improvement:** Removed the “Login Expereince by HardToSkip” footer from public facing pages #### 2.1.8 * **Improvement:** Made the “Login Expereince by HardToSkip” footer non-sticky #### 2.1.7 * **Improvement:** Only show the Login Expereince by HardToSkip on homepage #### 2.1.6 * **Hotfix:** Added subdomain/external host whitelisting for custom login redirects. This fixes the issue where redirects to subdomains (like app.example.com) were being blocked by WordPress security filters. #### 2.1.5 * **New Feature:** Added Role-Based Login Redirects. You can now configure custom landing pages (like the homepage) for specific user roles instead of the default`/ wp-admin` redirect. * **Enhancement:** Improved settings sanitization for URL fields to ensure security while maintaining query parameter integrity. * **Security:** Enforced `wp_safe_redirect` for all login flows to prevent Open Redirect vulnerabilities. #### 2.1.4 * **Fatal Error Fix:** Resolved a fatal error (`Call to undefined function is_user_logged_in()`) caused by the plugin loading before the WordPress core was fully initialized. * **“Headers Already Sent” Fix:** Eliminated PHP warnings by moving all cookie- setting operations to appropriate early-loading hooks (`template_redirect` and` login_init`), preventing conflicts with themes and other plugins. * **Code Refactoring:** Improved the reliability of the authentication flow by refactoring how the CSRF and OAuth state tokens are generated and handled. #### 2.1.3 * **Feature:** Added an option to disable standard WordPress password-based authentication, allowing administrators to enforce a Google-only login policy for enhanced security. * **Enhancement:** The login page UI now adapts based on whether password login is disabled, ensuring a seamless user experience. * **Enhancement:** Updated plugin description and FAQ to reflect the new optional passwordless functionality. #### 2.1.2 * **Security:** Hardened security by adding nonce verification to the login error display and One Tap callback handlers to prevent Cross-Site Request Forgery ( CSRF) vulnerabilities. * **Security:** Implemented the recommended OAuth 2.0 `state` parameter validation during the standard Google Sign-In flow to protect against CSRF attacks. * **Security:** Improved data sanitization on the admin settings page to ensure redirect URLs are handled securely. * **Fix:** Corrected a bug where the “Please configure your Google OAuth credentials” admin notice would persist even after the plugin was fully configured. * **Enhancement:** Updated the readme.txt to include a comprehensive “External Services” section, clearly documenting the use of Google APIs as required by WordPress plugin guidelines. #### 2.1.1 Initial Release ## Meta * Version **2.2.1** * Last updated **1 mes ago** * Active installations **20+** * WordPress version ** 5.0 or higher ** * Tested up to **6.9.4** * PHP version ** 7.4 or higher ** * Languages * [Czech](https://cs.wordpress.org/plugins/easy-secure-login/), [Dutch](https://nl.wordpress.org/plugins/easy-secure-login/), [English (US)](https://wordpress.org/plugins/easy-secure-login/), [Korean](https://ko.wordpress.org/plugins/easy-secure-login/) y [Russian](https://ru.wordpress.org/plugins/easy-secure-login/). * [Translate into your language](https://translate.wordpress.org/projects/wp-plugins/easy-secure-login) * Tags * [Google Login](https://ast.wordpress.org/plugins/tags/google-login/)[google one tap](https://ast.wordpress.org/plugins/tags/google-one-tap/) [login redirect](https://ast.wordpress.org/plugins/tags/login-redirect/)[passwordless](https://ast.wordpress.org/plugins/tags/passwordless/) * [Advanced View](https://ast.wordpress.org/plugins/easy-secure-login/advanced/) ## Ratings 5 out of 5 stars. * [ 1 5-star review ](https://wordpress.org/support/plugin/easy-secure-login/reviews/?filter=5) * [ 0 4-star reviews ](https://wordpress.org/support/plugin/easy-secure-login/reviews/?filter=4) * [ 0 3-star reviews ](https://wordpress.org/support/plugin/easy-secure-login/reviews/?filter=3) * [ 0 2-star reviews ](https://wordpress.org/support/plugin/easy-secure-login/reviews/?filter=2) * [ 0 1-star reviews ](https://wordpress.org/support/plugin/easy-secure-login/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/easy-secure-login/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/easy-secure-login/reviews/) ## Contributors * [ ateeqdev ](https://profiles.wordpress.org/ateeqdev/) * [ Ateeq ](https://profiles.wordpress.org/hardtoskip/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/easy-secure-login/) ## Donate Would you like to support the advancement of this plugin? [ Donate to this plugin ](https://hardtoskip.com/)