Screenshot COVID-19 Update We have changed are structure to better support our employees and customers through these hard times.
See Updates

Setup & Configuration

Published: September 26, 2019 | Updated: March 23rd, 2020
  1. Home
  2. Docs
  3. General
  4. Setup & Configuration


Configuring OAuth2 for WordPress is simple and starts with ensuring WP OAuth Server is installed and activated in the WordPress plugins options page.


  1. Install WP OAuth Server
  2. Activate WP OAuth Server
  3. Set Global Settings
  4. Create a Client

Installing & Activating

There are two ways you can install OAuth2 through a plugin.

  1. Download
  2. Search for “WP OAuth Server” in the plugin options screen.

You can find out how to install WordPress plugins by visiting

License Activation

The pro version requires the plugin to be activated to take advantage of automatic plugin updates.

To Activate with a license key:

  1. Go to your WordPress Admin
  2. Click WP OAuth Server –> Status
  3. Click the “License(s)” Tab
  4. Enter your license key
  5. Click Activate

Configuring Global Settings

Once the plugin is installed, go to OAuth Server -> Settings to access the global settings. There are two tabs for settings.

  1. General
  2. Advanced

The global settings are set to a default state which works for most installs out of the box. Go to the General Settings tab and ensure that “OAuth Server Enabled” is checked.

Create a Client

Before any calls can be made to, a client needs to be created. By creating a client, an authorized set of credentials are being created so that other sources can begin authorization flow. Go to OAuth Server -> Clients -> Add New Client. On the client screen, you will be presented with fields.

  • Grant Types
  • Client Name
  • Redirect URI
  • Advanced Option

Give the client a name that describes the client. For example, if there is a mobile app that will be connecting to WordPress’s OAuth2 API, name the client the mobile apps name. The next step is to determine which grant type the client will be allowed to utilize. In most cases, the “Authorization Code” is good. If you need further assistance with which grant type to use please visit the Grant Types documentation.

The Redirect URI can be a bit tricky but for a basic configuration, you can leave this blank. The Redirect URI is an authorized URL that the client will be redirected to (if using authorization code grant type). OAuth2 has a flow and the Redirect URI setting for a client allows systems to be whitelisted for security.