Hooks

Simple JWT Login exposes 16 WordPress action and filter hooks that let you extend or customize the plugin's behaviour without modifying its source code. Use them to enrich JWT payloads, send notifications, apply business logic, gate requests, or build fully custom flows on top of the plugin.

Quick Reference​

Action Hooks​

Action hooks let you run side-effect code at a specific point in the request lifecycle. They do not return a value.

simple_jwt_login_before_endpoint​

Fires before a Simple JWT Login REST route is processed. Use it to validate requests, block specific callers, enforce policies (e.g. minimum password length), or log activity — for any endpoint.

Throw an Exception to abort the request with an error response.

simple_jwt_login_login_hook​

Fires after a user has been successfully authenticated and logged in.

simple_jwt_login_redirect_hook​

Fires before the user is redirected to the URL configured in the Login settings. Use it to implement dynamic redirect logic based on request parameters.

simple_jwt_login_register_hook​

Fires after a new user has been created via the register endpoint.

simple_jwt_login_delete_user_hook​

Fires immediately after a user has been deleted.

Filter Hooks​

Filter hooks let you inspect and modify data before it is used or returned. Always return the (modified) value.

simple_jwt_login_jwt_payload_auth​

Fires on the /auth endpoint before the JWT is signed. Use it to add custom claims to the token.

Returns: array — the modified payload.

simple_jwt_login_no_redirect_message​

Fires on the /autologin endpoint when No Redirect is selected. Use it to customise the JSON response returned to the client.

Returns: array — the modified response payload.

simple_jwt_login_reset_password_custom_email_template​

Fires when POST /user/reset_password is called. Use it to replace the default email template set in Reset Password settings with a fully custom HTML email.

Returns: string — the custom email template.

Response Filters​

The following 8 filters fire immediately before their respective endpoint returns a JSON response. Use them to add, remove, or transform fields in the API response.

simple_jwt_login_response_auth_user​

Fires before the POST /auth response is returned.

Returns: array — the modified response.

simple_jwt_login_response_register_user​

Fires before the POST /users (register) response is returned.

Returns: array — the modified response.

simple_jwt_login_response_delete_user​

Fires before the DELETE /users response is returned.

Returns: array — the modified response.

simple_jwt_login_response_refresh_token​

Fires before the POST /auth/refresh response is returned.

Returns: array — the modified response.

simple_jwt_login_response_send_reset_password​

Fires before the POST /user/reset_password response is returned.

Returns: array — the modified response.

simple_jwt_login_response_change_user_password​

Fires before the PUT /user/reset_password response is returned.

Returns: array — the modified response.

simple_jwt_login_response_revoke_token​

Fires before the DELETE /auth response is returned.

Returns: array — the modified response.

simple_jwt_login_response_validate_token​

Fires before the GET /auth/validate response is returned.

Returns: array — the modified response.

Settings Screenshot​

Code Examples​

Add custom claims to the JWT payload​

Enrich the token with user metadata — roles, plan, tenant ID — so downstream services don't need a separate lookup.

add_filter('simple_jwt_login_jwt_payload_auth', function (array $payload, array $request): array {
    $user = get_user_by('email', $request['email'] ?? '');
    if ($user) {
        $payload['roles'] = $user->roles;
        $payload['display_name'] = $user->display_name;
    }
    return $payload;
}, 10, 2);

Send a welcome email after registration​

add_action('simple_jwt_login_register_hook', function (WP_User $user, string $password): void {
    wp_mail(
        $user->user_email,
        'Welcome to My Site',
        sprintf(
            "Hi %s,\n\nYour account is ready.\n\nEmail: %s\nPassword: %s",
            $user->display_name,
            $user->user_email,
            $password
        )
    );
}, 10, 2);

Dynamic redirect URLs after login​

Enable "Include request parameters in the redirect URL" in Login settings, then add &page=dashboard (or any value) to the login URL. The hook reads it and redirects accordingly.

add_action('simple_jwt_login_redirect_hook', function (string $url, array $request): void {
    $page = $request['page'] ?? null;

    $destinations = [
        'dashboard' => 'https://mysite.com/dashboard',
        'profile'   => 'https://mysite.com/profile',
    ];

    wp_redirect($destinations[$page] ?? $url);
}, 10, 2);

Block a specific email address on /auth​

add_action('simple_jwt_login_before_endpoint', function (string $method, string $endpoint, array $request): void {
    if ($method !== 'POST' || $endpoint !== 'auth') {
        return;
    }

    $blocked = ['banned@example.com'];

    if (in_array($request['email'] ?? '', $blocked, true)) {
        throw new Exception('This account has been suspended.');
    }
}, 10, 3);

Enforce a minimum password length on registration​

add_action('simple_jwt_login_before_endpoint', function (string $method, string $endpoint, array $request): void {
    if ($method !== 'POST' || $endpoint !== 'users') {
        return;
    }

    $minLength = 8;
    $password  = $request['password'] ?? '';

    if (strlen($password) < $minLength) {
        throw new Exception("Password must be at least {$minLength} characters.");
    }
}, 10, 3);

Add extra fields to the auth response​

add_filter('simple_jwt_login_response_auth_user', function (array $response, WP_User $user): array {
    $response['user_id']      = $user->ID;
    $response['display_name'] = $user->display_name;
    $response['avatar_url']   = get_avatar_url($user->ID);
    return $response;
}, 10, 2);