[Plugin: WP-OpenID] OpenID overrides website in profile? (4 posts)

  1. heypete
    Posted 7 years ago #


    I want to use OpenID to login to my self-hosted WordPress blog, as my host does not support SSL, and I feel a bit iffy about sending login data over the internet in the clear. VeriSign's PIP OpenID service supports SSL and certificate-based logins, so I'd ideally like to use that.

    I installed and configured the WP-OpenID plugin, and things seem to work as expected with one exception: the OpenID URL (in my case, it's [username].pip.verisignlabs.com) overrides the existing website in my user profile.

    This is a Bad Thing, as I don't want to include this URL in comments I post. It's not because the OpenID URL contains sensitive information (it doesn't -- there's no publicly-viewable information there at all), but simply because I'd rather include a URL that points to my actual website, rather than to my OpenID URL.

    Is there any way to setup WP-OpenID simply for logging in to the administrative interface of my blog? At the very least, is it possible to not have WP-OpenID override the website in my profile?

  2. Varsity
    Posted 7 years ago #

    You can add a link elements to your homepage's header:

    <link rel="openid.delegate" href="[username].pip.verisignlabs.com" />

    That ought to do do it with a redirect. :-)

  3. Will Norris
    Posted 7 years ago #

    overriding the profile URL is designed to prevent someone from spoofing a comment as someone else. The current version of the plugin (v3.0) does include an OpenID provider now, so you should be able to simply set your own site as a verified OpenID, and then set it as your profile URL.

  4. amandabee
    Posted 7 years ago #

    This is crazy.

    I don't understand how forcing a profile URL prevents spoofing. It is one thing for me to use my gmail identity to access WordPress. It is another to require me to make my openID my URL.

Topic Closed

This topic has been closed to new replies.

About this Topic