How to add OpenID functionality to Wordpress
Comments
I've recently decided to add Comment as OpenID functionality to
my wordpress blog. The reasons to do that is that I myself have
today created an OpenID account. Already million of people
have OpenID account without even knowing. Most major search engines
and social websites like Google, Yahoo, Live Journal, Hyves,
Blogger, Flicker, MySpace automatically creates an OpenID
account for newly registered users.
It is up to the user to check with each of the aforementioned
providers what is the URL of their OpenID account.
Even though OpenID popularity is steadly rising, I'm sure
there are still plenty of users who did not heard, used or noticed
OpenID yet.
So What the heck is OpenID?
For all those who still haven't heard about it, OpenID is a
universal web site login system With just one "unified" OpenID
account the user can login to multiple websites with no need to
create multiple accounts across each and every different website on
the internet.
The only requirement for the user to be able to use OpenID is that
the website in question to have (support) for OpenID credential and
the user to have existing OpenID account.
Therefore using one single OpenID you can sign in as a certain user
to multiple websites on the internet with no need for annoying
registration process to each and every new website you encounter.
Another benefit OpenID gives to the user is that you don't have to
memorize or keep notes of a tens or thousands of different login
accounts across the many different websites on the net.
Using OpenID also saves the user from troubles with
forgotten password or username as just one OpenID login is used to
login you everywhere.
For Wordpress blogging platform the Russian Igor Korolev,
has written a wordpress plugin - comments-to-wordpress .
This plugin adds support for OpenID authentication in
Wordpress comments.
Here is how to OpenID to Wordpress:
1. Download the comments-with-wordpress plugin and
unzip As of writting of this article latest
comments-to-wordpress plugin is ver. 1.4.
Download the plugin to blog path directory lets say,
/var/www/blog/wp-content/plugins/ and unzip:
Next the plugin has to be Enabled, just like any other wordpress
plugin via admin menus:
Plugins -> Inactive -> Comments with OpenID
(enable)
Once the plugin is enaabled it is necessery to add some code with a
text editor in file
/var/www/blog/wp-content/themes/default/comments.php
Small noet to make here: If you're not using the default Wordpress
theme (like I do), you will have to edit the
/themes/your-theme-name/comments.php instead.
Save the comments.php file and you Identification for new comments
with OpenID will appear in your wordpress Comments form.
The OpenID plugin will add a number of service OpenIDs to choose
between like you can see in my blog's plugin section or the
screenshot below:
The URL https://www.google.com/accounts/o8/id is just a
sample and showed because I clicked on the Google icon. If you have
a Google profile you can check the exact ID and use it as URL
there. Simply if your browser is logged in Gmail and you have
Google profile. OpenID should work. As you can see the plugin
supports a number of services which already support OpenID auth,
the list of services can be easily extended by adding minor changes
in
.../plugins/comments-with-openid/comments-with-openid.php
There is also another wordpress plugin with the
openid name -
http://wordpress.org/extend/plugins/openid/
Downloading and enabling the other openid plugin also adds
support for OpenID login in your http://your-url.com/wp-admin/
login page.
Installing the OpenID plugin is needed especially if you're
a blogger blogging on 5 or 10 different topic oriented blogs, once
downloading and installing the OpenID plugin will allow you to
login across the blog ring without loosing time or bothering to
remember different passwords across all the blogs. Here is a
screenshot of the /wp-admin wordpress login page with the
OpenID wp plugin enabled:
As of time of writting according to
http://openid.net/get-an-openid/what-is-openid/'s website
there are over 50000 major websites on the net already accepting
OpenID login.
Of course as every technlogy OpenID is not perfect and along
with its convenience in some cases it could impose security hole.
OpenID opponents claim under some circumstances OpenID is prone to
forgery, XSS (cross site scripting) and XSFR attacks.
Everyone who is about to use OpenID should be also aware of the
great security risk it impose if one OpenID account gets stolen
through sniffing, this could mean multiple websites can be accesses
with the one single OpenID by the malicious user and a lot of
confidential data owned by the user can be revealed or deleted
...
With this said I think OpenID is not a recommended login technology
for Windows users, as windows is famous for being vulnerable to so
many Viruses and Spyware/Malware etc..
With non-free software OSes like MS Windows, the user never
cannot for sure if the system is infected, hence using OpenID to
transfer credentials over the internet or store an OpenID SSL/(TLS)
certificate to identify in websites is TOO DANGEROUS!
Hope this article was helpful. Cya