Creating a Digital Identity with OpenID and WordPress

Posted by: TomS on April 16, 2011 @ 4:05 pm

OpenID is an open standard for a distributed system that allows users to authenticate with a single identifier on sites across the internet.  For a while now, OpenID has promised to become the tool that lets internet users log in to all sites using a single account, and recently, with many of the big web companies (Google, AOL, Yahoo, MyOpenID) becoming OpenID providers, and many smaller sites starting to support OpenID authentication, OpenID is coming into its own.  Yes, it’s still fragmented, and yes, there are many sites that still don’t use it, but things are getting better, and for me, there’s enough value in it now that I want to use my blog as my OpenID for my internet persona.

I have a couple unique requirements for what I’m trying to do, so let me set that up first.  I have a public online persona that I use for this blog and other sites online related to running and technology.  I have no illusions of privacy.  I am sure anyone who is determined enough can find out plenty of personal information from my activity, but in general, most people that come to this site are looking for content about the information I post.  I would rather not broadcast my personal information to all those people so I try and keep my public online accounts separate from my personal ones.

That being said, it’s a pain to manage multiple logins and passwords, log in and out of sites, and so on.  OpenID can be really useful with this task, and that’s what I’m trying to do: use my WordPress blog at as my digital identity for public web activity and convert as many accounts over to it as possible.  BUT, I don’t always want to remember a second password for my public persona, so I’d still like to be able to log in with my private personal OpenID, without broadcasting it to the world.

So here are my requirements:

  • Set up my blog as an OpenID provider.
  • When authenticating at my blog, be able to log in using OpenID authentication from another provider (i.e. the OpenID I use for my personal activity).
    • I don’t necessarily want to do OpenID delegation here, since it will publicly broadcast my other OpenID.
  • Be able to manage my user account settings on my blog, so I can switch between other OpenID providers I use to authenticate.
    • This gives me portability in the future if I decide to switch OpenID providers.

As usual, WordPress already has all the tools I need available in its extensive plugin library.  Here are the steps I followed to get this up and running.

Install the Plugins

To get OpenID working on my blog, I installed two plugins.  The first is the WordPress OpenID plugin from DiSo Development Team.  This plugin provides support for logging into WordPress using OpenID, managing OpenIDs, and using WordPress as an OpenID provider.  It also has support for authenticated comments using OpenID.  I’m not too concerned with the comments for now, but the main 3 features accomplish everything I’m looking for.

Installation was fairly straightforward.  I logged in as the admin user and installed the plugin directly from the dashboard.  In order for the plugin to provide OpenID provider services, the XRDS-Simple plugin must also be installed.  The OpenID plugin also has a few required PHP libraries, so after installing the two plugins, it’s best to test the configuration by going to Settings > OpenID and clicking Toggle More/Less under the Troubleshooting section.  The report will tell you if you’re missing any required libraries, or if there are any configuration issues with the plugins.  Mine was ok right out of the box.

Configure OpenID Provider

After installing the plugins, you’ll want to configure your blog as an OpenID provider.  For my purposes, I am the only user of my blog (besides the admin user), so I want the main blog url ( to be used as an OpenID that identifies me.

To do this, I logged in as the admin user.  The OpenID plugin puts its provider settings under Settings > OpenID.

The first step is to select which types of users can be identified by WordPress.  For me, I only want my account to be identified from my site, and I’m an Editor, so I chose the Editor checkbox for the Enable OpenID field.

Normally, WordPress will assign the user’s url as the OpenID provider.  For me, that’s, but I want to use the main URL as my OpenID provider.  OpenID makes this pretty easy.  I just chose my username from the Blog Owner drop-down, and I could then use my main blog url as the OpenID identifier for my WordPress user.

So what did this actually do for me?  Now when I want to log in to another site that supports OpenID, I simply use the URL to log in.  The authentication request will be forwarded over to my blog, where I can log in with my blog username and password.  So I’m halfway there.  I still want to make it so that instead of using my normal blog username and password when logging into my own WordPress site, I can log in with the OpenID that I normally use on most places on the internet (i.e. an OpenID for a yahoo account, or a gmail account).

If you’re curious what this plugin actually does, it adds a few tags to the <head> of the HTML of the root of my site.  You can see what they look like below.  These tags identify the URL of my WordPress blog’s OpenID service, as well as identify that actually delegates to my user’s OpenID page (this was from setting my username as the owner of the blog).

<link rel="openid2.provider" href="" />
<link rel="openid2.local_id" href="" />
<link rel="openid.server" href="" />
<link rel="openid.delegate" href="" />

Configure OpenID Accounts

Now I want to make it so that, instead of remembering an additional strong password for my blog account, I can use the normal OpenID I use in other places on the web, but do so WITHOUT publicly broadcasting the other OpenID.

I could have set up my user account to delegate to a Google OpenID, for example, but doing so would change the openid.delegate link tag shown above to the URL of my Google profile page.  That’s not really what I want, since anyone looking at the source of my website will see this implicit link to my Google account. I’ll avoid delegation in this case, but it is a very nice option if you don’t mind the link between accounts being public.
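
To check what the page source actually discloses, here is an added example (not part of the original post or of the plugin's code): a Python sketch that collects the OpenID discovery link tags from a page's head and reports any identity tag (openid.delegate or openid2.local_id) whose href is on a different host than the blog.  The blog.example and idp.example URLs, the sample pages and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# rel values used by OpenID 2.0 and 1.x HTML-based discovery
DISCOVERY_RELS = {"openid2.provider", "openid2.local_id",
                  "openid.server", "openid.delegate"}
# the two that name the identity claimed at the provider
IDENTITY_RELS = {"openid2.local_id", "openid.delegate"}

class LinkCollector(HTMLParser):
    """Collect (rel, href) for OpenID <link> tags inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            # rel may hold several space-separated values
            for rel in (a.get("rel") or "").lower().split():
                if rel in DISCOVERY_RELS:
                    self.links.append((rel, a.get("href") or ""))

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def leaked_identities(html, blog_url):
    """Return identity tags whose href is on a host other than the blog's."""
    blog_host = urlparse(blog_url).hostname
    collector = LinkCollector()
    collector.feed(html)
    return [(rel, href) for rel, href in collector.links
            if rel in IDENTITY_RELS
            and urlparse(href).hostname not in (None, blog_host)]

# Constructed sample pages (blog.example / idp.example are placeholders).
SELF_HOSTED = """<html><head>
<link rel="openid2.provider openid.server" href="https://blog.example/openid/server" />
<link rel="openid2.local_id openid.delegate" href="https://blog.example/author/me/" />
</head><body></body></html>"""
DELEGATED = SELF_HOSTED.replace("https://blog.example/author/me/",
                                "https://idp.example/u/private-me")

if __name__ == "__main__":
    for name, page in (("self-hosted", SELF_HOSTED), ("delegated", DELEGATED)):
        print(name, leaked_identities(page, "https://blog.example/"))
```

An empty result for your own front page means the identity tags stay on the blog's host; any entry returned is a URL that visitors reading the source can tie to the blog.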

Also, I purposely do not set up an OpenID login for the admin user of my blog.  I only use the admin user for administrative tools, and I only access it from home with a strong password.  It is not a large hassle to use a login/password when I need the admin account, but it is entirely possible to also link the admin user to another OpenID.

So to set up my OpenID login, I logged into the WordPress dashboard as the user I want to create the OpenID login for.  I clicked on Profile > Your OpenIDs, pasted the URL of the OpenID I wanted to use to log in to my blog, and then hit Add OpenID.  The WordPress OpenID plugin also requires the URL in your user profile to be set to one of your OpenIDs, so I also added as one of the OpenIDs so I could retain that URL in my profile.  You can add as many OpenIDs as you would like here.  Using any of them at the login page will log you into the same WordPress user account.

Once this was done, I logged out of my account to test the setup.  To test it, simply go back to the login screen.  In addition to asking for a username/password, the form also allows you to now paste an OpenID url.  If you put in the URL of the OpenID you just added to your account, it should now log you into WordPress.

Additionally, if you now try to log in to a 3rd party site, and use the url of your blog, it will forward the request to your WordPress login page.  If you’re not already logged in, WordPress will prompt you to authenticate (which you can do using your normal OpenID now), and then WordPress will ask you to confirm that the 3rd party site can be linked to your site.

This setup allows you to now use a personal OpenID to authenticate into your blog, and it also allows you to use your blog as an OpenID across the internet without exposing your personal OpenID.

As an added bonus, your blog’s OpenID is now portable.  If you want to stop using your Google OpenID, and use a Yahoo one, for example, just update the OpenIDs in your profile to reflect this.

One Click Authentication

WordPress Log In Screen with OpenID Selector

One rough edge of the WordPress OpenID plugin is that you must type or paste your OpenID to log in, and in some cases, these URLs can be rather long.  In many cases (Google, Yahoo, MyOpenID, etc.), the OpenID urls follow a standard naming convention.  WP OpenId Selector from ST2i is a nice plugin that augments the OpenID login textbox with a few clickable buttons for the main OpenID providers.  I much prefer this one (or sometimes two or more) click interface to having to type in the OpenID url manually every time.  The login form ends up looking like the screenshot at the right.

Other Thoughts

As I mentioned at the start, I’m under no impression that this really makes my hackrunner activity completely separate from my personal web activity, but I do think it strikes a nice balance on several points.

First, it gives me a nice balance between convenience and portability.  It allows me to remember one login/password (the one I use for my personal activity with my main OpenID provider) and still be able to log in to my blog to create and edit posts.  If I ever want to switch the OpenID I use to log in, WordPress lets me manage that, while still keeping as the permanent OpenID identifier I will use for other places on the web.

Second, for me it’s a level of security I am comfortable with.  If my main OpenID is ever compromised, it means that people can now compromise my blog, but I do have the admin account locked down with a strong password that isn’t accessible with OpenID.  In a pinch, I could quickly log on as the admin, disable the OpenID authentication as well as all other accounts, and shut off any users who may have gained access through compromised OpenID authentications.

Finally, it gives me a better way of keeping my digital identity for separate. I’m one step closer to having one single login for hackrunner, and another one for my personal stuff.  There’s still a ton of sites out there that don’t support OpenID for authentication, but it’s definitely becoming more prevalent, and I’m hoping this will set me up to manage my identity much more simply in the future.

I haven’t seen many articles or posts using WordPress and OpenID in this way (to login to WordPress with personal OpenID, but hide this personal OpenID when using WordPress as an OpenID provider).  Has anyone else out there done it this way?  Are there any hidden pitfalls I’m missing?


2 responses to “Creating a Digital Identity with OpenID and WordPress”

  1. kishore says:

    Thank you very much for the detailed information on Open ID, I have been searching on how to create open id using my WordPress blog.

    Could you please write on how to create a Facebook fan page for my blog (self hosted WordPress).

  2. […]  and for hosted wordpress using plugins @  July’s theme for Joomla from JoomlaBamboo – Nebula […]
