When I first started building my own video classroom system, my goal was simple:<\/p>\n\n\n\n
I wanted teachers to log into our WordPress\/BuddyBoss portal, click Start Class<\/strong>, and enter their assigned Jitsi classroom automatically \u2014 without needing a second Jitsi username and password.<\/p>\n\n\n\n Students, on the other hand, needed to stay simple. They should be able to open the classroom link and join as guests after the teacher starts the room.<\/p>\n\n\n\n This article explains how I tested and successfully connected WordPress to a self-hosted Jitsi Meet server using JWT tokens.<\/p>\n\n\n\n Before JWT, my Jitsi production system was already working.<\/p>\n\n\n\n The production Jitsi server used:<\/p>\n\n\n\n The teacher flow was:<\/p>\n\n\n\n This worked, but it still required teachers to manage a separate Jitsi login. Since the teachers already log into the WordPress portal, I wanted WordPress to handle the Jitsi entry.<\/p>\n\n\n\n JWT stands for JSON Web Token.<\/p>\n\n\n\n In this setup, JWT allows WordPress to create a secure, short-lived \u201centry ticket\u201d for Jitsi.<\/p>\n\n\n\n Instead of the teacher typing a Jitsi username and password, WordPress generates a token that says:<\/p>\n\n\n\n \u201cThis logged-in teacher is allowed to enter this exact room as a moderator.\u201d<\/p>\n\n\n\n The Jitsi URL looks like this:<\/p>\n\n\n\n The token is created server-side by WordPress, signed with a secret that Jitsi also knows, and expires after a short period.<\/p>\n\n\n\n This is important because the full token URL should not be permanent. It should be generated fresh each time the teacher clicks the button.<\/p>\n\n\n\n The most important decision was this:<\/p>\n\n\n\n I did not switch my production Jitsi server directly to JWT.<\/p>\n\n\n\n Instead, I created a separate JWT test environment.<\/p>\n\n\n\n The final strategy was:<\/p>\n\n\n\n This gave me a safe lab to test JWT without risking live classes.<\/p>\n\n\n\n The test server was created from the working production Jitsi setup, then modified carefully:<\/p>\n\n\n\n This allowed production to stay untouched while the JWT workflow was developed.<\/p>\n\n\n\n The web part of Jitsi worked quickly through Traefik.<\/p>\n\n\n\n The harder part was media.<\/p>\n\n\n\n Jitsi video\/audio does not rely only on HTTPS. The Jitsi Videobridge needs UDP media traffic.<\/p>\n\n\n\n In production, the media port was:<\/p>\n\n\n\n For the JWT test VM, I used:<\/p>\n\n\n\n At first, the meeting opened but disconnected after a little while. The problem was not WordPress and not JWT. The issue was that UDP 11000 was forwarded in Proxmox NAT, but not yet allowed in the Hetzner firewall.<\/p>\n\n\n\n Once the firewall rule was expanded to allow the test media port, the meeting became stable.<\/p>\n\n\n\n That was an important reminder:<\/p>\n\n\n\n For the WordPress side, I used a safe two-part method.<\/p>\n\n\n\n The JWT secret should not be stored directly inside a snippet or displayed inside the WordPress admin interface.<\/p>\n\n\n\n Instead, I placed it in This keeps the secret outside the visible WordPress snippet editor.<\/p>\n\n\n\n I used Fluent Snippets to create a WordPress shortcode.<\/p>\n\n\n\n The snippet type was:<\/p>\n\n\n\n The shortcode generated a fresh JWT token and displayed a simple button:<\/p>\n\n\n\n The button showed:<\/p>\n\n\n\n When the teacher clicked Start Class<\/strong>, WordPress generated a fresh JWT link and opened the Jitsi room.<\/p>\n\n\n\n I used BuddyDev\/BuddyPress User Profile Tabs Creator Pro to create the teacher meeting tab.<\/p>\n\n\n\n One important lesson:<\/p>\n\n\n\n Do not put the JWT link directly into the BuddyDev tab URL.<\/p>\n\n\n\n Why?<\/p>\n\n\n\n Because JWT links expire.<\/p>\n\n\n\n Instead, I placed the shortcode inside the subnav content area:<\/p>\n\n\n\n That way, WordPress generates a fresh token each time the page loads.<\/p>\n\n\n\n The final method was:<\/p>\n\n\n\n This avoided iframe issues and avoided static expired links.<\/p>\n\n\n\n At one point, the Jitsi page showed:<\/p>\n\n\n\n The cause was simple but easy to miss.<\/p>\n\n\n\n The JWT secret in Mistakes included:<\/p>\n\n\n\n The correct secret format must be only the secret value:<\/p>\n\n\n\n No spaces. This was caused by the test Jitsi media port not being allowed in the firewall.<\/p>\n\n\n\n The fix was:<\/p>\n\n\n\n After that, video and audio stayed stable.<\/p>\n\n\n\n At one point, the PHP snippet broke because of mixed PHP\/HTML and a missing closing The fix was to make the snippet return the HTML as a string instead of mixing too much open\/close PHP.<\/p>\n\n\n\n The final test succeeded.<\/p>\n\n\n\n The working flow is now:<\/p>\n\n\n\n This proved that the WordPress-to-Jitsi JWT workflow works.<\/p>\n\n\n\n Even though the test worked, I did not immediately switch production.<\/p>\n\n\n\n The production server is still working with internal authentication, and live classes depend on it.<\/p>\n\n\n\n The safe production plan is:<\/p>\n\n\n\n The final strategy is:<\/p>\n\n\n\n This project proved something important:<\/p>\n\n\n\n A self-hosted Jitsi Meet server can be connected to a WordPress\/BuddyBoss teacher portal using JWT tokens.<\/p>\n\n\n\n The result is much cleaner for teachers.<\/p>\n\n\n\n Instead of remembering another Jitsi password, the teacher simply logs into WordPress and clicks Start Class<\/strong>.<\/p>\n\n\n\n Students still have a simple guest experience.<\/p>\n\n\n\n The key lessons were:<\/p>\n\n\n\n This was not a one-click setup, but it created a strong foundation for a real online classroom platform.<\/p>\n","protected":false},"excerpt":{"rendered":" JWT Token with Jitsi When I first started building my own video classroom system, my goal…<\/p>\n","protected":false},"author":1,"featured_media":3315,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_kadence_starter_templates_imported_post":false,"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"unboxed","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"above","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":"","footnotes":""},"categories":[30,32,17],"tags":[],"class_list":["post-3314","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server","category-proxmox","category-wordpress"],"taxonomy_info":{"category":[{"value":30,"label":"Server"},{"value":32,"label":"proxmox"},{"value":17,"label":"wordpress"}]},"featured_image_src_large":["https:\/\/muhammadsoliman.com\/wp-content\/uploads\/2026\/06\/ChatGPT-Image-Jun-10-2026-12_05_20-AM-1024x576.png",1024,576,true],"author_info":{"display_name":"Muhammad Soliman","author_link":"https:\/\/muhammadsoliman.com\/author\/muhmmad-soliman\/"},"comment_info":0,"category_info":[{"term_id":30,"name":"Server","slug":"server","term_group":0,"term_taxonomy_id":30,"taxonomy":"category","description":"","parent":0,"count":4,"filter":"raw","cat_ID":30,"category_count":4,"category_description":"","cat_name":"Server","category_nicename":"server","category_parent":0},{"term_id":32,"name":"proxmox","slug":"proxmox","term_group":0,"term_taxonomy_id":32,"taxonomy":"category","description":"","parent":0,"count":3,"filter":"raw","cat_ID":32,"category_count":3,"category_description":"","cat_name":"proxmox","category_nicename":"proxmox","category_parent":0},{"term_id":17,"name":"wordpress","slug":"wordpress","term_group":0,"term_taxonomy_id":17,"taxonomy":"category","description":"","parent":0,"count":3,"filter":"raw","cat_ID":17,"category_count":3,"category_description":"","cat_name":"wordpress","category_nicename":"wordpress","category_parent":0}],"tag_info":false,"_links":{"self":[{"href":"https:\/\/muhammadsoliman.com\/index.php\/wp-json\/wp\/v2\/posts\/3314","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/muhammadsoliman.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/muhammadsoliman.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/muhammadsoliman.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/muhammadsoliman.com\/index.php\/wp-json\/wp\/v2\/comments?post=3314"}],"version-history":[{"count":2,"href":"https:\/\/muhammadsoliman.com\/index.php\/wp-json\/wp\/v2\/posts\/3314\/revisions"}],"predecessor-version":[{"id":3317,"href":"https:\/\/muhammadsoliman.com\/index.php\/wp-json\/wp\/v2\/posts\/3314\/revisions\/3317"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/muhammadsoliman.com\/index.php\/wp-json\/wp\/v2\/media\/3315"}],"wp:attachment":[{"href":"https:\/\/muhammadsoliman.com\/index.php\/wp-json\/wp\/v2\/media?parent=3314"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/muhammadsoliman.com\/index.php\/wp-json\/wp\/v2\/categories?post=3314"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/muhammadsoliman.com\/index.php\/wp-json\/wp\/v2\/tags?post=3314"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}The Starting Point<\/h2>\n\n\n\n
\n
\n
Why JWT?<\/h2>\n\n\n\n
https://jwt-meet.example.com\/teacher-room-name?jwt=SECURE_TOKEN\n<\/code><\/pre>\n\n\n\nThe Safe Testing Strategy<\/h2>\n\n\n\n
Production Jitsi VM:\nmeet.example.com\nInternal authentication\nStill used for live classes\n\nJWT Test Jitsi VM:\njwt-meet.example.com\nJWT authentication\nUsed only for testing\n<\/code><\/pre>\n\n\n\n\n
Network and Firewall Lessons<\/h2>\n\n\n\n
UDP 10000\n<\/code><\/pre>\n\n\n\nUDP 11000\n<\/code><\/pre>\n\n\n\nJitsi web access and Jitsi media access are different things.\nTraefik handles HTTPS.\nJitsi media still needs proper UDP forwarding.\n<\/code><\/pre>\n\n\n\nWordPress Integration<\/h2>\n\n\n\n
1. Store the JWT Secret in wp-config.php<\/h3>\n\n\n\n
wp-config.php<\/code>:<\/p>\n\n\n\ndefine('ULAMA_JITSI_JWT_TEST_DOMAIN', 'jwt-meet.example.com');\ndefine('ULAMA_JITSI_JWT_TEST_APP_ID', 'ulama-jwt-test');\ndefine('ULAMA_JITSI_JWT_TEST_APP_SECRET', 'PASTE_SECRET_HERE');\n<\/code><\/pre>\n\n\n\n2. Use Fluent Snippets for the Button Logic<\/h3>\n\n\n\n
Functions \/ PHP Functions\nPriority: 10\nRun: Everywhere\n<\/code><\/pre>\n\n\n\n[ulama_jitsi_soliman_jwt_test]\n<\/code><\/pre>\n\n\n\nMy Live Classroom\nClick below to open your assigned Ulama classroom.\nStart Class\nTeacher access link expires in 4 hours.\n<\/code><\/pre>\n\n\n\nBuddyBoss \/ BuddyDev Tab Setup<\/h2>\n\n\n\n
[ulama_jitsi_soliman_jwt_test]\n<\/code><\/pre>\n\n\n\nBuddyDev subnav content \u2192 shortcode \u2192 WordPress generates JWT \u2192 teacher clicks Start Class\n<\/code><\/pre>\n\n\n\nTroubleshooting Problems I Hit<\/h2>\n\n\n\n
Problem 1: \u201cAuthentication failed\u201d<\/h3>\n\n\n\n
Authentication failed\nSorry, you're not allowed to join this call.\n<\/code><\/pre>\n\n\n\nwp-config.php<\/code> did not exactly match the secret on the Jitsi server.<\/p>\n\n\n\n\n
\\n<\/code> before and after the secret<\/li>\n\n\n\ndefine('ULAMA_JITSI_JWT_TEST_APP_SECRET', '64_CHARACTER_SECRET_ONLY');\n<\/code><\/pre>\n\n\n\n
No line breaks.
No JSON.
No labels.<\/p>\n\n\n\nProblem 2: Meeting Opened but Disconnected<\/h3>\n\n\n\n
Allow UDP 11000 for the JWT test VM\n<\/code><\/pre>\n\n\n\nProblem 3: Snippet HTML Broke<\/h3>\n\n\n\n
});<\/code>.<\/p>\n\n\n\nFinal Successful Result<\/h2>\n\n\n\n
\n
Why Production Was Not Changed Yet<\/h2>\n\n\n\n
\n
.env<\/code>.<\/li>\n\n\n\nDo not move the test VM into production.\nUse the test VM as the lab.\nCarefully rebuild the proven JWT method on the original production Jitsi VM.\n<\/code><\/pre>\n\n\n\nFinal Thoughts<\/h2>\n\n\n\n
\n