OpenID Enabling a WordPress Blog
Posted on January 19, 2008
18 Comments
With the help of a plugin and a few minutes of your time, it is very easy to setup your WordPress blog to be an OpenID consumer. There are tons of OpenID providers helping folks get setup — let’s give those folks places to use ‘em.
I assume you already have an OpenID — if not, go get one! While you don’t need one,with one you’ll be able to follow along in the admin section below.
But first, what is OpenID? OpenID.net describes it as:
OpenID eliminates the need for multiple usernames across different websites, simplifying your online experience.
You get to choose the OpenID Provider that best meets your needs and most importantly that you trust. At the same time, your OpenID can stay with you, no matter which Provider you move to. And best of all, the OpenID technology is not proprietary and is completely free.
Done right, it can save you a heckuva lot of typing of usernames and identifying information — and having to remember them for various sites and applications.
The Plugin Setup
The plugin that I am using is called (cleverly enough) WP-OpenID and is very straight-forward to setup and use. Grab it, upload it and activate it to get rolling (see Managing Plugins in the WordPress Codex if you need help).
Small note: I had issues with it at first. Upgrading my hosting to PHP 5.x straightened everything out though. Something to watch for if you’re still on PHP 4.
After activating, visit Options -> WP-OpenID. There are only two options here.
- Automatic Approval - Want to automatically approve any comment left by someone using OpenID? Check this box. Probably safe until the spammers twig to it… I’m leaving it unchecked as I don’t trust the spammers to remain ignorant.
- Comment Form - Automagically update your blog’s comment form to use the URL field for OpenID. Thus, your commenter need only enter the one field instead of name/email/URL. I have this one enabled. Down the road I may get fancier with how I present the form, but this suffices for the moment.
And with that, you’re ready to accept comments from OpenID authenticated readers.
Admin Enabling
But wait, what about you, the admin of your blog? Well, as admins we now have the ability to use our OpenID to log into our blog. Is this a good thing? I believe so. I’m using VeriSign PIP (personal identity provider) as my OpenID provider and they give me two-factor authentication:
- Something I know - a password
- Something I have - a SecurID token courtesy of PayPal.
To me, this feels much more secure than my existing WP admin password. If your OpenID provider is single-factor, do yourself a favor and concentrate on ensuring you have a strong password!
The WP-OpenID plugin changes the logon screen a bit:
However, we have to associate our WP identity to our OpenID identity before we can use that new login option.
While logged into your blog, visit Users -> Your Identity URLs. Just add your OpenID URL(s) to it by following the prompts.
Next, we probably want to beef up our default WP password since we don’t have type it so often anymore. Visit Users -> Your Profile and give it a good strong password. Perhaps use a heinous one from GRC’s password page?
Now, log out and sign in by just providing your OpenID URL. Cool, huh?
Tags: OpenID, plugin, security, tutorial, VeriSign, WordPress, WP-OpenID
Possibly Related Posts
Comments
18 Responses to “OpenID Enabling a WordPress Blog”
Leave a Reply
That is great. I some how missed your post about the Verisign/PayPal Security key open ID. That is the type of thing I was waiting for to push me over the hump to start using OpenID.
For you PiP fanboys
Check out their OpenID Seatbelt plug-in for FF. It forces OP authentication before an OpenID transaction to minimize phishing risk and adds an authentication status indicator to the bottom right of the browser.
https://pip.verisignlabs.com/seatbelt.do
Great point, Peter, I should’ve mentioned that plugin.
I also have turned on PiP’s “Signon Security” as an extra layer. Basically, I have to go to the pip page and signin before attempting to use my OpenID. Another block against phishing or other sorts of redirects.
Hi Chris:
I’m trying to set up my openID. I have the id created at http://mattjhsn.myopenid.com/
I’ve added the delegate code to the front page of my blog at http://mattjhsn.org/blog/
< link rel="openid.server" href="http://www.myopenid.com/server" / >
< link rel="openid.delegate" href="http://mattjhsn.myopenid.com/" / >
{spaces added}
But I still cannot comment on your blog. I get the message “Error: please fill the required fields (name, email).” from the URL http://www.solo-technology.com/blog/wp-comments-post.php
I see from the post above that you’ve enabled commenting with an openID and I do see the openID brand mark by the URL field. Any ideas on if I’m doing something wrong?
I do already have an account on your blog. Maybe you have to delete that before I can use my openID id???
-Matt Johnson
Hmm, no that wouldn’t be it as I don’t allow users to register. Do you have a cookie from my blog? Mayhaps you need to delete it before trying?
Also (a bit of guessing here) you may need to have already visited and authenticated with your openid provider before commenting here (within the current browser session).
And heck, since I’m guessing… have you tried both of your OpenID URLS? In particular, I wonder if the original non-delegated one works?
Oh people can post comments without registering? I didn’t know that. Maybe I’ll have to turn off accounts on my blog.
(This is a xtest xpost from me at htttp://mattjhsnx.myopenidx.comx)
Did you test it on WordPress 2.3.2?
@Matt - for the OpenID commenting, only fill in the URL field of the comment form.
@Hadret - I’m running 2.3.2 so I feel that I did, yes
Hi Chris: Yes, that’s what I tried first, URL field only. I had not cleared the cookies though from either http://www.solo-technology.com or http://www.myopenid.com . Now I have so we will see if this post works.
First Submit: Used ID http://mattjhsn.org/blog/ — Received message “Please fill in the two required fields”
Second Submit: Using http://mattjhsn.myopenid.com
(all with Safari 3.0.4)
Edit: Yes it seems I did. And I have the edit box and countdown timer too now! yay. Ok, I’m off, bye for now.
Hey Matt - you got it on that one!
Test comment.
Tonight I tried again with http://mattjhsn.org/blog/ as my OpenID and I still get “Error: please fill the required fields (name, email).” This OpenID worked logging in to http://www.livejournal.com/ and http://ma.gnolia.com/. http://mattjhsn.myopenid.com _does_ work, so I hypothesize mattjhsn.org/blog doesn’t work because it is a delegate ID. Maybe the WordPress plug-in doesn’t like my delegate code entry on my blog page or doesn’t like the myopenid.com service provider.
I’d find the original author and open a bug report, but I’m too lazy at the moment.
I do believe you are correct there, Matt.
I’ve noticed similar issues with my delegated id and this plugin on some other blogs.
Apparently yahoo is on the OpenID bandwagon. They are starting a beta with information at http://openid.yahoo.com This is a test post with my new yahoo identification. -Matt
Added the openid.server and openid.delegate directives to the root page at mattjhsn.org so I’m now testing if that will work on wordpress.
Entering “http://mattjhsn.org/” in the website field.
Oh jeez, what a nice identifier. “a/RRkrbgsRleAw_OCx9nlilTLrK6dwnGF_i1UrYg–#902e3″ is my name, don’t say it twice! They don’t currently allow use of delegates.
The tech crunch article on the yahoo open id announcement: http://snurl.com/1z0yl
@Matt: That Yahoo URL you used has to be the most hideous thing I’ve seen!
Now, why aren’t they an OpenID consumer though? Why can’t I login to flickr, del.icio.us and Y! Mail with an OpenID URL? Putzes.
I know. They have half of an implementation so far. Let’s hope they are working on the other half. Also one cannot associate their own URL with the yahoo OpenID. Lame.
Hope you don’t mind me testing my OpenID!