Wapu Auth – Google Social Login for WordPress & WooCommerce

Wapu Auth is a free Google Social Login plugin for WordPress and WooCommerce. Let your visitors register and sign in using their Google account — no passwords, no forms, no friction.

Whether you run a WooCommerce store, a membership site, or any WordPress site, Wapu Auth makes authentication instant, secure, and completely free — including WooCommerce integration.

Wapu Auth Pro is coming soon with additional social login providers, advanced analytics exports, and priority support.

Free WooCommerce Social Login — No Pro Upgrade Required

Most social login plugins lock WooCommerce compatibility behind a paid plan. Wapu Auth includes free WooCommerce social login out of the box. The Google login button is automatically placed on your WooCommerce login page, registration page, and checkout form — zero configuration needed.

Store owners: let customers register and sign in at checkout with their Google account. Fewer abandoned carts. More completed purchases.

Features

Google Login — One Click Let visitors register and sign in with their Google account instantly. No passwords, no forms, no friction. Fast and invisible.

Google One Tap Show a non-intrusive sign-in prompt that authenticates users with a single click, without leaving the current page.

Magic Link — Passwordless Login Let customers sign in with a secure one-click link sent to their email. No password required. Links expire automatically for security.

Two-Factor Authentication (Email OTP) Add email verification codes to the sign-in flow. Enable globally for all users, require it for administrators only, or let customers opt in from their account page.

Active Sessions & Trusted Devices Customers can see every device signed in to their account and revoke sessions remotely. Trusted devices skip 2FA automatically for smoother return visits.

Unified Security Tab (WooCommerce My Account) Customers manage two-factor authentication, active sessions, trusted devices, and their Google connection from a single "Security" page in My Account.

Built-in SMTP Mailer Send magic links and OTP codes reliably using a custom SMTP server configured directly in the plugin settings — no third-party plugin required.

Free WooCommerce Login Integration Google login button automatically appears on all WooCommerce forms: login, register, and checkout. Free. No Pro plan required.

Smart Redirect Post-Login After signing in on the cart or checkout page, customers return to that page — not to My Account.

Analytics Dashboard Track every Google login attempt, new registration, and user activity from your WordPress admin panel.

Domain Restrictions Whitelist or blacklist email domains for your Google social login. Only @yourcompany.com users can sign in? Done.

Sandbox Mode Test the complete Google OAuth login flow with specific test emails before going live. No risk to production data.

Customizable Google Login Button Match the login button to your brand. Adjust colors, text, size, and style with a live visual editor — no CSS required.

Popup Mode Display the Google login prompt in a popup window for a seamless, redirect-free experience.

Activity Log Full log of every login attempt: status, email, timestamp, and optional GeoIP location data.

Shortcode Support Place the Google login button anywhere on your site: [wapu_auth_button] — Google login button [wapu_auth_login_form] — Full custom login form with Google login [wapu_auth_register_form] — Full custom registration form with Google login

Custom Login & Registration Form Templates Replace the default WordPress login and register pages with three built-in templates: Classic, Modern, and Compact. All include the Google login button.

Setup Wizard Step-by-step guided setup walks you through creating Google OAuth credentials and configuring the plugin in under 5 minutes.

Full Internationalization Fully translated into English and Spanish. Ready for community translation via translate.wordpress.org.

Who Uses Wapu Auth?

WooCommerce store owners looking to reduce cart abandonment by adding Google login to the checkout page — free, without a Pro plan.

Membership site owners who want fast, trusted social login and registration using Google accounts.

WordPress developers and agencies who need a clean, standards-compliant Google OAuth plugin for client sites.

Users switching from Nextend Social Login who need free WooCommerce social login integration without paying for a Pro addon.

How Google Social Login Works

1. Visitor clicks the Google login button on your site
2. Google authenticates the user via secure OAuth 2.0
3. Wapu Auth creates or matches their WordPress account by email
4. User is logged in — done. The whole process takes under 3 seconds.

Existing users who already have a WordPress account with the same Google email address are automatically matched and logged in — no duplicate accounts, no confusion.

Privacy & Compliance

Wapu Auth connects to Google's OAuth API only when a user actively clicks the Google login button. GeoIP enrichment and Google Analytics integration are optional and disabled by default. Site owners are responsible for appropriate consent mechanisms for their jurisdiction (GDPR, CCPA, etc.).

Requirements

• WordPress 6.0 or higher
• PHP 8.0 or higher
• SSL certificate (HTTPS) — required by Google OAuth
• Free Google Cloud Console account — to generate OAuth credentials
• WooCommerce 7.0 or higher (optional, for automatic WooCommerce social login integration)

Hooks & Filters

Wapu Auth exposes the following WordPress action and filter hooks so developers can extend the authentication flow without modifying plugin files.

Actions

• wapu_auth_before_login — Fires right before a user is authenticated by Wapu Auth.
• wapu_auth_user_authenticated — Fires after a WordPress user is logged in via Google. Passes $user (WP_User), $google_user (array), and $is_new_user (bool).
• wapu_auth_user_created — Fires after a new WordPress user is created from a Google account. Passes $user_id, $email, and $google_id.
• wapu_auth_google_account_unlinked — Fires when a user disconnects their Google account from My Account. Passes $user_id.
• wapu_auth_analytics_event — Fires when an analytics event is recorded. Passes $event_type, $user_id, and $data.
• wapu_auth_log — Fires on every plugin log entry. Passes $message, $level, and $context. Useful for routing logs to a custom handler.
• wp_login — The standard WordPress action fires on every successful Google login so security and 2FA plugins receive Google logins uniformly.

Filters

• wapu_auth_auth_params — Modify the query parameters sent to Google's OAuth authorization endpoint (scope, prompt, hd, etc.).
• wapu_auth_user_data — Modify the user data array returned by Google before Wapu Auth creates or matches an account.
• wapu_auth_redirect_url — Override the URL users are redirected to after a successful login. Passes $url, $user, and $is_new_user.
• wapu_auth_error_message — Customize the error message shown to the user when authentication fails. Passes $message and $code.
• wapu_auth_button_html — Modify the rendered login button HTML. Passes $html, $args, and $settings.
• wapu_auth_redirect_uri — Override the OAuth callback redirect URI registered with Google. Passes the current URI string.
• wapu_auth_geoip_enabled — Enable or disable GeoIP lookup programmatically. Passes the current boolean value.

External Services

This plugin connects to the following external services only under clearly documented conditions.

1. Google OAuth 2.0 / OpenID Connect (required for Google social login)

Endpoints: * https://accounts.google.com/o/oauth2/v2/auth * https://oauth2.googleapis.com/token * https://www.googleapis.com/oauth2/v2/userinfo * https://accounts.google.com/.well-known/openid-configuration (admin diagnostics only)

Data sent: Client ID, redirect URI, OAuth scope, state token, and authorization code. An access token is sent to retrieve the user's Google profile.

Data received: Google account ID, email address, display name, profile picture URL, email verification status, and locale.

When triggered: Only when a user actively clicks the Google login button, or when an admin runs connection diagnostics from the settings page.

Google's policies: Privacy Policy | Terms of Service

2. GeoIP Providers (optional — disabled by default)

Services: https://ipapi.co/ with https://ipwho.is/ as fallback.

Data sent: Visitor IP address for location lookup.

When triggered: Only when GeoIP enrichment is enabled in the plugin's security settings.

Note: Enable only with appropriate legal basis and user consent where required (e.g. GDPR).

Policies: ipapi.co | ipwhois

3. Google Analytics 4 Event Bridge (optional — disabled by default)

Service: Uses the site's existing gtag / GA4 setup, if present.

Data sent: Social login event names and metadata only (login_start, success/error status).

When triggered: Only when a GA4 Measurement ID is configured and analytics is enabled in plugin settings.

Note: Site owners are responsible for obtaining required user consent before enabling this feature.

4. Google Fonts (optional frontend asset)

Services: https://fonts.googleapis.com | https://fonts.gstatic.com

Data sent: Standard browser request headers (IP, user-agent) to retrieve font CSS.

When triggered: When the social login button is rendered on the frontend.

Google's policies: Privacy Policy