Auth0 Home Blog Docs

Any known issues with WPEngine and the Auth0 WordPress plugin?



WPEngine uses proprietary page caching and, to my knowledge, does not honor PHP session variables. They also have some other setting to prevent repeat login attempts. Are there any known issues with this host?

We’re using the Auth0 WordPress plugin (on WPEngine) with ADFS for authentication. The entire site (aside from the login page) requires the user be logged in – just a simple call to is_user_logged_in() in the header and then wp_redirect() to the login page if they are not.

Many (probably most) of our users are able to authenticate just fine using their organizational credentials. But a few cannot get past the login screen. What happens for them:

  1. They click the “Log in at” button for ADFS login

  2. They are taken to the corporate login page where they enter their credentials

  3. When they are returned to the site, rather then being redirected to the homepage (which is set in the plugin preferences) they are sent to the login page, but the Auth0 widget no longer displays – as if it thinks they are logged in. However, if I try to manually go a page in the site at this point, I cannot. It redirects to the login page again and displays the widget (and return to step 1).

I can replicate this behavior in Firefox. In fact, Firefox does not work at all for anyone (fortunately not many use it for this site). With Firefox no one can get past the login screen (with a few rare exceptions). The above steps happen for all. I know Firefox has some strict policies with sites that are not using SSL (which we’re not, currently). Could that have anything to do with it?

Otherwise this happens intermittently (or consistently for some users) in IE and Edge. Chrome and Safari seem to behave just fine. So, it seems to potentially be browser related.

Any suggestions? I’m happy to provide more details.



OK, some more info here that maybe will be helpful… when WPEngine disabled their caching everything seems to work just fine. Also, with Firefox, if I keep devtools open (which clears the local cache) everything seems to work just fine. So, it seems like this is caching/cookie/browser related but I’m still unsure how to solve it.

I had them try uncaching some cookies and URL parameters but no luck.


I can’t even get the initial setup credentials to work in the setup wizard, and they do on other hosts.


same here. i get “cant_exchange_token” and the following message:
There was an error retieving your auth0 credentials. Check the Error log for more information. Please check that your sever has internet access and can reach “


Adam, did you ever figure this out? We are having the exact same issue.


I ended up using Media Temple instead for this particular site. I love WPEngine, but their proprietary caching setup was not playing well with the Auth0 plugin – at least not with ADFS authentication.

When I did some troubleshooting with a support rep at WPEngine, they temporarily disabled caching and the problem went away. But, they can’t/won’t leave caching disabled on any sites. So, while we determined their caching was the issue, we weren’t able to determine a solution.


For anyone else having this issue … we tracked it down to a max-age header in the page that’s redirecting to the login page. This header caches the redirect in your browser so when you’re redirected back to that page after logging in, it sticks you back on the login page, logged into Auth0 so the widget doesn’t show. We’re working with WP-Engine to find a solution here but, in the meantime, the fix we found was to append something to the redirect URL so cache is broken, auth is checked, and everything works.

PHP snippet to drop into an mu-plugin or theme file is here: