Configure Your Site’s Log In Access

This guide explains an advanced setting for managing logins to your site using WordPress.com’s secure authentication. While most sites won’t need to adjust this setting, it’s commonly disabled on websites with membership functionality added via a plugin.

This feature is available on sites with the WordPress.com Creator or Entrepreneur plan. If your site has one of our legacy plans, it is available on the Pro plan.

WordPress.com Log In, also referred to as Secure Sign-On (SSO), connects your WordPress.com dashboard and WP Admin dashboard to use the same log-in information. It ensures you can quickly and securely access all your site’s dashboard settings without needing a separate login for WP Admin.

WordPress.com Log In is managed by our Jetpack plugin. Among other features, Jetpack communicates between the WordPress.com dashboard and the WP Admin dashboard.

With this setting disabled, your site can have two different types of authorized users:

• WordPress.com Users: People who log in via WordPress.com to access your site after you grant them access.
• Local Users: People who log in via yoursiteaddress.com/wp-admin after you create their user account (either manually or by a plugin.) Learn more about local users.

If you invite a WordPress.com user, a local user account will automatically be created for them when they accept the invite. However, if you create a local user, it will not automatically create a paired WordPress.com account. Instead, you’ll want to invite them to create their own WordPress.com account directly from the All Users page in your site’s dashboard.

In most cases, WordPress.com Log In is recommended to remain switched on. One common exception is for sites using membership plugins that require members to log in to your website.

To turn WordPress.com Log In on, take the following steps:

1. Visit your site’s dashboard.
2. Navigate to Settings → Security (or Jetpack → Settings → Security in WP-Admin).
3. Scroll down to the “WordPress.com Log In” section:

4. Switch on the toggle labeled “Allow users to log in to this site using WordPress.com accounts.”
5. Adjust the following settings that will apply to other users you have approved to log in to your site:
   • Match accounts using email addresses: Keep this setting on to ensure WordPress.com can match any local accounts on your site that use the same email address as a WordPress.com account.
   • Require two-step authentication: Improve security by forcing Two-Step Authentication when users log in via WordPress.com. Any user who hasn’t set up two-step authentication in their account yet will be prompted to configure it first before they can log in.

You can turn off WordPress.com Log In to sign in to wp-admin separately.

If you have added custom membership functionality to your site via a plugin, you may be required to turn off WordPress.com Log In in order for your membership functionality to work.

This depends on which plugin you have installed, and you may first need to set up a sign-in page by following that plugin’s setup instructions. For example, if you have set up a login flow and discover that you reach a WordPress.com login screen rather than the login screen provided by your membership plugin, you likely need to disable WordPress.com Log In following the steps below.

By default, WordPress.com Log In is enabled. Therefore, you will never be asked to log into WP Admin because we automatically recognize your WordPress.com account.

However, a membership plugin can interfere with this flow, so it can be a good idea to set a password for WP Admin. Here’s how:

1. Ensure WordPress.com Log In is enabled.
2. In your dashboard, click on Users.
3. Click the “View” tab in the top right corner and set this to “Classic View“.
4. Hover your mouse over your username and click the “Edit” link.
5. Scroll down to the “Account Management” section.
6. Click the button that says “Generate Password” or “Set New Password“. Your new password will be provided, which you can change if you wish.
   • This password does not affect your WordPress.com account’s password.
7. Save the password somewhere safe!

To disable WordPress.com Log In, ensure you have saved your WP Admin password and then take the following steps:

1. Visit your site’s dashboard.
2. Navigate to Settings → Security (or Jetpack → Settings → Security in WP-Admin).
3. Scroll down to the “WordPress.com Log In” section.
4. Switch off the toggle labeled “Allow users to log in to this site using WordPress.com accounts.”
5. You can now use the password you set for WP Admin to log into your site’s admin area.

In some cases, members may not be able to log in, even after you disable WordPress.com Log In. In this case, you may need to disable Jetpack Protect by going to Settings → Security in Default View and turning off the “Prevent and block malicious login attempts” setting, or to Jetpack → Settings → Security in WP-Admin View and turning off the toggle under “Brute force protection.”

If your site requires WordPress.com Log In to remain switched off, your administrators and other members will log in through /wp-admin, independent of a WordPress.com login.

You can create a local WP Admin account on your website by following these steps:

1. Visit your site’s dashboard.
2. Navigate to Users.
3. In the upper right corner, click the “View” tab and select “Classic view“.
4. Click the “Add New User” button.
5. Fill in the username, email address, and other necessary fields for the new user, and click the “Add New User” button to create the new user.
6. Your administrator will then receive an invite email with instructions to set their password and log in.

Since this is a local user account only, be aware that:

• These user accounts work only with WordPress.com Log In switched off.
• WP Admin users can’t access the WordPress.com dashboard.

If you turn WordPress.com Log In back on, you must invite your administrators and other team members through the WordPress.com dashboard, where they must create a WordPress.com account.

In rare cases, you may encounter one of the following issues with WordPress.com Log In:

“I logged into my WordPress.com account, but when I try to edit anything, I’m prompted to log in again, and it does not recognize my username or password.”

When SSO is turned off, you and your other local users will need to log into the WordPress.com dashboard and WP Admin dashboard separately. Your credentials for each login may be different, depending on what you originally set up.

To solve this situation, you can temporarily enable WordPress.com login and then update your WP Admin password for your local user account before disabling it again. Alternatively, you can use the “Lost Your Password?” link on the login page to reset your password.

“I have multiple administrators/users on my website, but for some reason, they cannot see the website while I can see it! What happened, and what should I do?”

This usually happens when the Jetpack connection is broken on the website and has been reconnected. In some cases, other administrators or users (Editors, Authors, etc.) cannot see the website because they are not yet connected to it from their WordPress.com accounts.

To resolve this situation, please follow the steps below:

1. Ensure WordPress.com Log In is active under Settings → Security (or Jetpack → Settings → Security in WP-Admin) as detailed above.
2. Ask your users to:
   • Log in to the site’s dashboard using their WordPress.com username and password.
   • Open a new browser tab and visit the WP Admin address of the site (for example, mywebsite.com/wp-admin).
   • Click the “Set up Jetpack” button and then the “Approve” button:

This will connect Jetpack to their WordPress.com account so they can now access the site as normal in their WordPress.com account.