Next-Level Code. Nexuvibe Style ...

Hrs
Min
Sec
WordPress SSO Technical Setup Guide

Step-by-Step Guide: Setting Up
WordPress SSO Across Different Domains

SSO across different domains sounds technically intimidating. This guide shows you it is not. Two sites, one copy-paste of an API key, and your users never see a second login screen again.

12 min read
Updated 2026
Technical Step-by-Step
Step-by-step guide to setting up WordPress SSO across different domains – how to configure Single Sign-On between two independent WordPress sites on separate domains using API key connection and automated user sync in 2026

WordPress SSO across different domains has a reputation for being technically complex. That reputation is not entirely undeserved. If you try to implement it using OAuth 2.0 protocols, SAML identity providers, or custom JWT authentication middleware, it absolutely is complex. You are looking at server configuration, certificate management, protocol debugging, and the kind of work that usually requires a developer who has done it before.

But there is a different category of WordPress SSO setup that does not require any of that. When you want to connect two or more independent WordPress sites on different domains so that users can log in once and move between them freely, the solution is a purpose-built plugin that handles the cross-domain authentication layer for you. The setup process reduces to: install the plugin, enter the other site’s URL, copy an API key, paste it on the other site, and turn SSO on. That is it.

This guide walks through that process step by step, explains what is actually happening at each stage so you understand what you are configuring and why, and covers the most common questions that come up when setting up cross-domain SSO for the first time. By the end, you will have a working SSO connection between two WordPress sites on different domains, with a clear understanding of how to extend it to additional sites in your network.

What this guide covers
Why cross-domain SSO is harder than same-domain SSO and what makes the plugin approach work.
Prerequisites: what your two sites need before the setup begins.
The complete step-by-step connection setup with screenshots of each stage.
Configuring SSO behavior: token lifetime, logout scope, and trigger mode.
Testing the connection and confirming SSO works correctly.
Troubleshooting the most common setup issues.

Why cross-domain SSO is a different problem from same-domain SSO

On the same domain or subdomain, SSO is relatively straightforward because browser cookies can be set with a shared domain scope. A cookie set on example.com is readable by shop.example.com and members.example.com. The session can be shared at the cookie level without any special cross-site communication.

Across completely different domains, this does not work. A cookie set on siteA.com is not readable by siteB.com. The browser’s same-origin policy prevents it by design, as a security measure. This is why cross-domain SSO requires a different technical approach: rather than sharing a session cookie, the two sites need to communicate directly with each other to verify authentication state.

How the plugin-based approach handles cross-domain authentication
When a user who is logged into Site A visits Site B, Site B generates a request to Site A’s API asking whether this user has an active session. Site A responds with a signed, time-limited token confirming the session. Site B validates the token’s signature against the shared API key, creates a local session for the user, and the user arrives at Site B already logged in. The entire exchange happens in milliseconds and is invisible to the user. No shared cookies. No external identity server. Just two sites talking directly to each other through a secured API channel established when you configured the connection.

This architecture is more robust than shared-cookie approaches because it works regardless of browser privacy settings, cookie blocking policies, or domain structure. It works between any two WordPress sites that can reach each other over HTTPS, regardless of where they are hosted or what domains they use.

Prerequisites before you start

Before walking through the setup steps, confirm that your environment meets these requirements. None of them are unusual for a production WordPress site, but it is worth checking before you start.

Required
Both sites running WordPress 5.8 or later
Both sites accessible over HTTPS with valid SSL certificates
Admin access to both WordPress installations
Both sites able to make outbound HTTPS requests

Check these in advance
Firewall rules that might block API calls between your two hosts
WordPress REST API disabled by a security plugin
HTTP Authentication protecting the WP admin area on either site
Expired or self-signed SSL certificates on either domain

The complete step-by-step setup

The following steps take you from two completely unconnected WordPress sites to a working cross-domain SSO setup. In most cases, the entire process takes under 20 minutes.

Terminology used in this guide
Site A refers to your primary site, the one where most users originally register and log in. Site B refers to the secondary site that you want users to access without logging in again. If you have more than two sites, repeat the connection steps for each additional site.
1
Install Nexu User Sync on both sites

Go to Plugins > Add New on Site A and upload the Nexu User Sync plugin file. Activate it. Repeat the same process on Site B. You will see a new Nexu User Sync menu item appear in the WordPress admin sidebar on both sites once activated.

🔗For seamless authentication, a shared WordPress user database integration eliminates redundant logins while maintaining security across all connected domains. →

Both sites need the plugin active before you start the connection process. The plugin on Site B needs to be ready to receive the incoming connection request from Site A.

2
Open the Connections tab on Site A and add Site B

On Site A, navigate to Nexu User Sync in the admin sidebar and click on the Connections tab. You will see the connection management interface where all your connected sites are listed. Click the button to add a new connection.


Connections tab in Nexu User Sync showing where to add a new site connection by entering the secondary site URL to begin the cross-domain WordPress SSO setup process

The Connections tab in Nexu User Sync – WordPress SSO plugin for connecting sites across different domains. Enter Site B’s URL here to begin the connection.

Enter Site B’s full URL including the HTTPS prefix. The plugin will attempt to reach Site B and verify that it is a WordPress installation with Nexu User Sync active. If the connection check passes, you will proceed to the API key step.

3
Generate the API key and copy it to Site B

After entering Site B’s URL, the plugin generates a unique API key for this connection. This key is specific to the Site A to Site B pairing and is used to authenticate all data transfers between them. Copy this key.

EXAMPLE API KEY FORMAT
nxs_a7f3d9b2e1c4f8a5d6b3e9c2f7a4d1b8e5c2f9a6d3b7e4c1f8a5d2b9e6c3

Copy

Now go to Site B’s admin. Open Nexu User Sync, go to the Connections tab, and find the section for accepting an incoming connection from Site A. Paste the API key into the field provided and enter Site A’s URL. Save the connection.

This is the entire “technical” part of the setup. One copy-paste of a key. There is no server configuration, no certificate management, no protocol debugging. The API key is the only credential the two sites need to authenticate all future communication.

4
Verify the connection status in the dashboard

Return to Site A’s admin. Open the Dashboard tab in Nexu User Sync. Site B should now appear in the connected sites list with a green status indicator confirming the connection is active and both sites can communicate. If the status shows an error, the troubleshooting section at the end of this guide covers the most common causes.


Dashboard tab in Nexu User Sync showing a connected WordPress site with green health status confirming successful cross-domain SSO connection between two sites on different domains

The dashboard in Nexu User Sync – WordPress cross-domain SSO plugin with live connection health monitoring. Green status means Site B is reachable and the API key is valid.

5
Configure user sync settings for the connection

Before enabling SSO, configure the user sync settings that determine what data travels between the sites. Open the Sync tab and select the connection you just created. Set the sync direction (bidirectional for most setups, one-way if only Site A should push data to Site B), configure role mapping, and select which user fields to include in the sync payload.

6
Enable SSO and configure its behavior

Open the SSO tab and enable Single Sign-On for the connection to Site B. This is where you configure exactly how the cross-domain login experience works.


SSO tab in Nexu User Sync showing Single Sign-On configuration options including token lifetime logout scope and SSO trigger mode for setting up cross-domain WordPress SSO between different domains

SSO settings in Nexu User Sync – WordPress cross-domain Single Sign-On setup with token lifetime and logout scope control. This is where the login experience between your domains is defined.

Token lifetime

Controls how long an SSO session token is considered valid. A value of 24 hours means a user who logged in yesterday morning will still be recognized on Site B today without needing to log in again. Set this to match your typical user session length. For most sites, 24 hours is the right default.

Logout scope

Determines what happens when a user logs out. Global logout ends the session on all connected sites simultaneously. Local logout ends only the current site’s session. For most multi-site networks, global logout is the right choice as it matches user expectations about what logging out means.

SSO trigger mode

Controls when the cross-domain authentication check runs. Automatic mode checks for an active session on every page load when a logged-in user visits Site B. Link mode only triggers the check when the user follows a specific SSO-enabled URL. For public sites where page load performance is a priority, link mode adds a small amount of user friction in exchange for avoiding the SSO check on every request.

7
Run the initial bulk sync for existing users

SSO only works for users who already have accounts on both sites. Users who exist on Site A but not on Site B will still be prompted to log in when they visit Site B because there is no account for the SSO token to authenticate against. The bulk sync tool resolves this by creating accounts on Site B for all users who currently only exist on Site A.

In the Sync tab, run the bulk sync for the Site A to Site B connection. The tool processes users in batches and shows progress. After it completes, every existing user on Site A has a corresponding account on Site B, and SSO will work immediately for all of them.

🔗After enabling WordPress SSO across domains, remember to configure WordPress email authentication records like SPF, DKIM, and DMARC to ensure login notifications reach users reliably. →

After the bulk sync, real-time sync handles all new registrations automatically. Any user who registers on either site from this point forward will have their account created on the other site within seconds.

Testing the SSO connection

Before announcing the setup to your users, run through this verification sequence to confirm everything is working correctly.

Test 1: SSO for an existing user

Log in to Site A with a test account that you confirmed exists on both sites (use an account that was included in the bulk sync). Open a new browser tab and navigate to Site B. You should arrive already logged in. If you are prompted to log in, the SSO trigger mode may need adjustment or there may be a caching layer interfering.

Test 2: New registration sync

Register a brand new test account on Site A. Wait 10 seconds, then check Site B’s Users screen. The new account should already exist on Site B. Check the Logs tab to confirm the sync event was recorded with a success status.

Test 3: SSO for the newly synced user

Log in to Site A with the newly registered test account. Navigate to Site B. You should be logged in automatically even though this account was created after the bulk sync ran. This confirms that real-time sync and SSO are working together correctly for new registrations.

Test 4: Logout behavior

While logged in to both sites, log out of Site A. Then attempt to access a logged-in page on Site B. If you configured global logout, you should be logged out of Site B as well. If you configured local logout, you will still be logged in on Site B, which is the expected behavior for that setting.

Troubleshooting the most common setup issues

Most setup issues fall into a small number of categories. Here are the most common ones and how to resolve them.

Connection check fails when entering Site B’s URL

The most common cause is a firewall rule that blocks outbound HTTP requests from your hosting environment to external domains. Contact your host and ask whether outbound API calls to external HTTPS URLs are permitted. The second most common cause is a security plugin that has restricted the WordPress REST API. Temporarily disable security plugins on Site B and retry the connection check to confirm.

🔗Implementing WordPress cross-domain SSO authentication eliminates redundant logins while maintaining security across all your independent WordPress installations. →

Connection shows as active but SSO does not work

The connection being active (green in the dashboard) confirms the two sites can communicate. If SSO is not working after that, check whether the user you are testing with exists on both sites. A user who only exists on Site A will not be logged in automatically on Site B because there is no account to authenticate against. Run the bulk sync if you have not already, then test with an account that you confirmed exists on both sites.

SSO works inconsistently: works sometimes but not always

Inconsistent SSO behavior is almost always caused by a caching layer. If Site B has a full-page cache active (via a caching plugin, CDN, or hosting-level cache), the cached version of the page may be served before the SSO check has a chance to run. Configure your caching setup to exclude logged-in users from the cache, or exclude the pages where SSO needs to work from the cache entirely.

Sync events appear in the logs as failed

Check the error message recorded in the Logs tab for the failed event. An SSL certificate error means Site B’s certificate is expired or invalid. A 401 error means the API key is not being accepted, which can happen if the key was not entered correctly on Site B. A timeout error suggests a temporary connectivity issue that the retry queue will resolve automatically. A 404 error typically means the plugin is not active on Site B or the WordPress REST API endpoint has been blocked.

Adding a third, fourth, or fifth site to the network

Once your two-site SSO setup is working, adding more sites to the network follows exactly the same process. Install the plugin on the new site, create a new connection in the Connections tab on your primary site, generate a new API key, paste it into the new site, configure the sync settings for that connection, enable SSO, and run the bulk sync. Each additional site is a new connection with its own API key, and the configuration for existing connections does not change.

The Nexu User Sync plugin for WordPress SSO setup across multiple domains supports as many connections as your network requires. Each connection is independent, which means the sync direction, role mapping, field selection, and SSO behavior can be configured differently for each site pair. A connection to your membership portal can be configured differently from a connection to your support community, even though both are connected to the same primary site.

The dashboard gives you a single view of all connections, their health status, and their sync statistics. As your network grows, this view becomes the operational tool that tells you at a glance whether all your connected domains are communicating correctly, without needing to check each site individually.

🔗For organizations managing multiple independent WordPress installations, learning how to build a WordPress network with single sign-on eliminates redundant logins while preserving site autonomy. →

Copy Paste API Key · Live Connection · SSO Active · Under 20 Minutes

Cross-domain SSO that takes 20 minutes to set up and then runs itself

Nexu User Sync gives you cross-domain Single Sign-On between any number of independent WordPress sites, with real-time user sync, WooCommerce support, a resilient queue, and full audit logs. The setup is one copy-paste. Everything else runs automatically.

Nexu User Sync – WordPress SSO plugin for cross-domain Single Sign-On setup between multiple sites by NEXU WP

Nexu User Sync by NEXU WP
Cross-Domain SSO · Real-Time Sync · WooCommerce · Multi-Site Ready


Get Nexu User Sync

Picture of Mahdi Jabinpour

Mahdi Jabinpour

As a sales-driven developer and the founder of NexuWP, Mahdi focuses on building WordPress solutions that don't just work—they convert. From AI-powered bulk translation engines to high-efficiency media offloading, he helps business owners automate the "grind" so they can focus on global growth. He is a pioneer in integrating advanced LLMs into the WordPress workflow.

RELATED POSTS

RELATED POSTS

3 Reviews
Betty Garcia 2 months ago

Hey! The direct site to site API connection worked like a charm once I pasted the key

mehdiadmin 2 months ago

Thank you.

Mary Martinez 3 months ago

I've set up SSO for multiple WordPress sites in the past, and honestly, this guide made the whole process stupid simple. No wrestling with SAML or dealing with OAuth headaches just install, grab an API key, paste it in, and done. users switch between domains without even blinking at a login screen.

mehdiadmin 3 months ago

That's exactly what we aimed for simple, no fuss setup. Thanks for noticing!

Margaret Moore 3 months ago

Snagged this during the summer sale, and wow it actually made dealing with subdomain logins a breeze. now my main site's cookies work smooth on shop. and members. without users having to log in twice. setup was crazy easy too; just 10 minutes with the copy paste API key, and the guide's screenshots were super clear. Tried using it between two totally different domains later (like example.com and another.com) and ran into some issues, but for subdomains? absolute lifesaver. Four stars for making my life way easier on that front!

mehdiadmin 3 months ago

We really appreciate your feedback!

Please log in to leave a review.