This is a known issue with WP engine, and it’s due to how their infrastructure works.
WSL requires that PHP sessions are enabled and working for unconnected users, however it’s not the case with WP engine as stated on their website (https://wpengine.com/support/cookies-and-php-sessions/)
Cookies and PHP $_SESSION variables are used by many plugins and themes for WordPress. While we don’t currently prevent cookies or sessions, they may not work as you expect on our servers.
WP Engine implements Page caching as a primary method of speeding up the sites that we host … When a visitor is served a cached version of the site, then the PHP code is not executed. This means that any PHP code that looks for cookies or handles session variables will not work, simply because it is not running.
It has been reported on many occasions, that calling their support can solve the issue. WP engine staff have the ability to make the plugin work for you by disabling their caching system only for the pages used by WSL.
By default, WSL will requires these two urls to be white-listed:
wp-login.php
wp-content/plugins/wordpress-social-login/hybridauth/
To my knowledge, there are also another workaround, to which I take no credit nor do I recommend it. Please check with WP engine customer support to know if this is permitted by them.
This workaround consist on creating a dummy authentication cookie for just 15 seconds and only for WSL endpoints, which should disable the caching system for a short frame of time and make WSL work.
function wsl_whitelist_endpoint()
{
setcookie( LOGGED_IN_COOKIE, md5(rand()), time()+15, preg_replace('|https?://[^/]+|i', '', WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL ) );
}
add_filter( 'wsl_process_login_start', 'wsl_whitelist_endpoint' );
