Checkout friction is killing your signups right now
Most visitors who hit a registration form and see a password field close the tab. They've done this for every site this week. Your WooCommerce store, your membership site, your course platform: all asking for an email, a password, a confirmation, sometimes a verification link. Each extra step is a visitor you lose.
The problem isn't conversion copy. It's the form itself. Visitors already have Google and Facebook accounts. They are already logged in on this device. You're asking them to create something new when something perfectly good already exists.
What most people do
A better way: three commands, two providers
TrueCommander gives you working OAuth flows for Google and Facebook through three commands. Run enable google login to attach a full authorization-code flow to any CSS selector on your site. Run enable google one tap login to show Google's passive One Tap prompt to visitors after a configurable delay. Run enable facebook login to wire up Facebook's OAuth flow to any button you already have. All three exchange tokens server-side, match the returning identity against existing WP users, and create a new account if no match is found.
Secrets stay on the server. Your client_secret and app_secret are stored in wp_options and used only in server-side token exchanges, the same way SMTP credentials work. They are never serialized into page HTML or sent to the browser. An open-redirect guard on the -redirect parameter also rejects any off-site destination, so a manipulated redirect URL cannot send your visitors anywhere unexpected.
What each command does
Three commands, two providers, one consistent pattern: attach a flow, configure a selector or delay, redirect after success.
| Command | What it does |
|---|---|
enable google login | Attaches a Google OAuth authorization-code flow to a CSS selector. Clicking the element starts a full-page consent screen. Google returns a code; the server exchanges it for tokens and logs the user in. |
enable google one tap login | Loads Google's One Tap prompt for non-logged-in visitors after a configurable delay. On success, a Google credential is verified server-side via Google's tokeninfo endpoint and the user is logged in or created. |
enable facebook login | Attaches a Facebook OAuth authorization-code flow to a CSS selector. The server exchanges the returned code for an access token, reads the profile from the Graph API, and logs the user in or creates an account. |
How it works
wp_options, registers a callback endpoint, and begins listening for clicks on the selector using event delegation, so late-loaded and SPA-rendered elements work without extra setup.-redirect path. If no WP user matches the provider email, a new account is created at the site's default role.Parameters
| Detail | Value |
|---|---|
| Command names | enable google login, enable google one tap login, enable facebook login |
| Google credentials | -client_id (ends in .apps.googleusercontent.com), -client_secret (server-side only) |
| Facebook credentials | -app_id (numeric, 15 to 16 digits), -app_secret (server-side only, also used for appsecret_proof) |
| Selector support | Any CSS selector (.class, #id, [data-attr]). Event delegation covers late-loaded and SPA elements |
| One Tap delay | -delay: seconds after page load before the prompt appears. Default 3, range 0 to 120 |
| Redirect guard | -redirect accepts same-origin URLs and paths only. Off-site destinations are rejected |
| User creation | -create_users default true. Unknown emails get a new WP account at the site's default role |
| Disable | Pass -disable=true to any command to turn off the handler while keeping stored credentials |
| Requirements | HTTPS in production (localhost works for One Tap dev). Register the callback URL shown in command output in your Google Cloud or Facebook app settings |
| Can be used in |
Real example
You run a WooCommerce membership site. Checkout completion is stuck at 54 percent and your analytics show most drop-offs happen on the "Create an account" step. A third of your visitors are on mobile, where typing a password and checking email for a verification link is genuinely painful.
You run tp enable google login -client_id=xxx.apps.googleusercontent.com -client_secret=xxx -selector=.wc-google-btn -redirect=/my-account. The command prints the callback URL you need to add to your Google Cloud OAuth client, which takes about two minutes. You add a button with the class .wc-google-btn to your checkout page template. Done.
You also run tp enable google one tap login -client_id=xxx.apps.googleusercontent.com -delay=5 -redirect=/my-account so returning visitors who aren't logged in see the passive prompt without having to find the button. The next week, checkout completion is at 71 percent. No plugin installed, no subscription started, no settings page touched after the initial run.
Goes further with TrueCommander
google login and facebook login macro triggers fire each time a visitor completes a social sign-in. Use them to send a welcome email, assign a role, or add the user to a list.redirect command to send brand-new users to an onboarding page while returning members land in their dashboard.limit login attempts so the remaining endpoint stays rate-limited against bots.