Title: Client Certificate Authentication
Author: MarioLipinski
Published: <strong>July 14, 2013</strong>
Last modified: July 17, 2013

---

Search plugins

This plugin **hasn’t been tested with the latest 3 major releases of WordPress**.
It may no longer be maintained or supported and may have compatibility issues when
used with more recent versions of WordPress.

![](https://s.w.org/plugins/geopattern-icon/client-certificate-authentication.svg)

# Client Certificate Authentication

 By [MarioLipinski](https://profiles.wordpress.org/mariolipinski/)

[Download](https://downloads.wordpress.org/plugin/client-certificate-authentication.1.0.2.zip)

 * [Details](https://test.wordpress.org/plugins/client-certificate-authentication/#description)
 * [Reviews](https://test.wordpress.org/plugins/client-certificate-authentication/#reviews)
 *  [Installation](https://test.wordpress.org/plugins/client-certificate-authentication/#installation)
 * [Development](https://test.wordpress.org/plugins/client-certificate-authentication/#developers)

 [Support](https://wordpress.org/support/plugin/client-certificate-authentication/)

## Description

The Client Certificate Authentication plugin enables WordPress to login a user with
a SSL client certificate. The plugin uses the email address from the subject field
to identify the user by the email address of his wordpress account. Optionally, 
new accounts can be created on the fly by using email address and name from the 
certificate. By limiting login and registration to users providing a client certificate,
bots are locked out and spam is eliminated.

Acknowledgements: This plugin is based on the [HTTP Authentication plugin](https://wordpress.org/plugins/http-authentication/)
by Daniel Westermann-Clark. Ideas taken from Dan B.’s implementation for client 
certificate authentication.

## Installation

 1. Login as an existing user, such as admin.
 2. Upload the `client-certificate-authentication` folder to your plugins folder, usually`
    wp-content/plugins`. (Or simply via the built-in installer.)
 3. Activate the plugin on the Plugins screen.
 4. Logout.
 5. Require certificate authentication for `wp-login.php` and `wp-admin`.
 6. Try logging in with your client certificate.

## FAQ

  How should I set up client certificate authentication?

This depends on your hosting environment and your means of authentication.
 The 
plugin uses the $_SERVER environment variables `SSL_CLIENT_S_DN_Email` (beginning
with) for the email address and `SSL_CLIENT_S_DN_CN` for the name. A working example
is given below:

In Apache HTTP (non-HTTPS) config add:

    ```
    RewriteEngine On
    RewriteRule ^/(wp-(admin|login\.php).*) https://%{HTTP_HOST}/$1
    ```

In Apache HTTPS config:

    ```
    <Location /wp-login.php>
        SSLVerifyClient optional
        <IfModule mod_rewrite.c>
            RewriteEngine   on
            RewriteCond  %{HTTP_USER_AGENT}  .*Safari.*
            RewriteCond  %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
            RewriteRule  .* /wp-admin [redirect,last]
        </IfModule>
    </Location>
    <Location /wp-admin>
        SSLVerifyClient require
    </Location>
    ```

Also make sure to set SSLCACertificatePath and enable CRL checks.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“Client Certificate Authentication” is open source software. The following people
have contributed to this plugin.

Contributors

 *   [ MarioLipinski ](https://profiles.wordpress.org/mariolipinski/)

[Translate “Client Certificate Authentication” into your language.](https://translate.wordpress.org/projects/wp-plugins/client-certificate-authentication)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/client-certificate-authentication/),
check out the [SVN repository](https://plugins.svn.wordpress.org/client-certificate-authentication/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/client-certificate-authentication/)
by [RSS](https://plugins.trac.wordpress.org/log/client-certificate-authentication/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0

Initial release.

#### 1.0.1

Documentation updates.

#### 1.0.2

Fixes to the short description.

## Meta

 *  Version **1.0.2**
 *  Last updated **13 years ago**
 *  Active installations **10+**
 *  WordPress version ** 3.1 or higher **
 *  Tested up to **3.5.2**
 *  Language
 * [English (US)](https://wordpress.org/plugins/client-certificate-authentication/)
 * Tags
 * [authentication](https://test.wordpress.org/plugins/tags/authentication/)[ssl](https://test.wordpress.org/plugins/tags/ssl/)
 *  [Advanced View](https://test.wordpress.org/plugins/client-certificate-authentication/advanced/)

## Ratings

 5 out of 5 stars.

 *  [  2 5-star reviews     ](https://wordpress.org/support/plugin/client-certificate-authentication/reviews/?filter=5)
 *  [  0 4-star reviews     ](https://wordpress.org/support/plugin/client-certificate-authentication/reviews/?filter=4)
 *  [  0 3-star reviews     ](https://wordpress.org/support/plugin/client-certificate-authentication/reviews/?filter=3)
 *  [  0 2-star reviews     ](https://wordpress.org/support/plugin/client-certificate-authentication/reviews/?filter=2)
 *  [  0 1-star reviews     ](https://wordpress.org/support/plugin/client-certificate-authentication/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/client-certificate-authentication/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/client-certificate-authentication/reviews/)

## Contributors

 *   [ MarioLipinski ](https://profiles.wordpress.org/mariolipinski/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/client-certificate-authentication/)

## Donate

Would you like to support the advancement of this plugin?

 [ Donate to this plugin ](http://www.cacert.org/index.php?id=13)