OpenID For WordPress

Update: 12th October 2007 – this project is to be considered abandoned. Please see How To Set Up OpenID For WordPress Comments instead. Thanks for the support and for your interest in OpenID.

THIS IS ALL HORRIBLY OUT OF DATE. THE DOWNLOAD LINKS DON’T WORK, I KNOW. GET OVER IT. More seriously now, I am working on a new version of this that actually works as a WordPress 2.0.x plugin. It’s very nice, but it’s not finished. Watch this space. In the meantime, why not take a look at OpenID Comments For WordPress (which is based on my preliminary work, here). Thanks for all the attention, guys.

As promised, I’m releasing the first usable version (v0.4) of my WordPress OpenID plugin tool. It’s very, very messy and a little buggy. Plus, installing it requires that you hack a few PHP files… use at your own risk.

You’ll need a WordPress v1.5 weblog. Download this package and decompress it to your WordPress directory. It will create an openid_icons directory, a file called openid.php (the main codebase), and a file called openidform.php (the form that appears on your blog).

Edit openid.php and substitute your own weblog URL in at the appropriate places (near the top).

Link in the login form wherever you like. I’ve done so in my theme’s “sidebar.php” file, with the following code:

    <?php include (TEMPLATEPATH . '/openidform.php'); ?>

In your main index.php, add a line to include the openid.php file. This will allow logins and logouts to be processed. Something like this:

    <?php require_once('openid.php'); ?>

In wp-comments-post.php (the comments processor), substitute the following code in under “// If the user is logged in”:

    // If the user is logged in
    get_currentuserinfo();
    if ( $user_ID ) {
        // Regular WordPress user: use the details from their account
        $comment_author       = addslashes($user_identity);
        $comment_author_email = addslashes($user_email);
        $comment_author_url   = addslashes($user_url);
    } elseif ($_SESSION['sess_openid_auth_code'] != "") {
        // Not a WordPress user, but authenticated by openid.php via OpenID
        $comment_author       = addslashes($_SESSION['sess_openid_auth_code']);
        $comment_author_email = "";
        $comment_author_url   = addslashes($_SESSION['sess_openid_auth']);
    } else {
        // Anonymous visitor: refuse if the blog requires registration
        if ( get_option('comment_registration') )
            die( __('Sorry, you must be logged in to post a comment.') );
    }

Notice the extra section, relying upon $_SESSION['sess_openid_auth_code']. That’s the magic bit. And it should ‘just work’. Let me know if it doesn’t; I’ll be improving the codebase over the coming weeks and I’d like to include your suggestions. If you need any help setting it up, I can probably help with that too, or even with adapting the code to work with other applications (than WordPress).

Features so far:

  • Authenticate OpenID users
  • Easily authenticate OpenID users from particular servers, including members of LiveJournal, DeadJournal, and Level9
  • Authenticated OpenID users can post comments

Features to come:

  • Cookie-based “remember me”
  • Ability to authenticate WordPress users (e.g. the weblog owner) by an OpenID
  • “Friends Only” protected posts, which can only be read by certain authenticated users
  • AJAX-powered log-in (to save users from having their browsers redirected excessively, and because it can be made to look swish), where supported

If you want to help code, just drop me a message.

Dan Q is a software engineer, a director of a voluntary organisation, a trainee counsellor, a keen geocacher, and an amateur magician. He lives with his partner and her husband in a polyamorous triad, and occasionally finds time to blog.


  1. jonathana@livejournal 12 years ago

    Just testing this from OpenID.

  2. Scatman Dan 12 years ago

    See! It works!

  3. mannkind@livejournal 12 years ago

    I can’t seem to authenticate with my openid server to your plugin (on this website). I don’t have trouble logging into livejournal, the openid demo server, etc. But it just won’t login here. I can’t use my livejournal ID, however.

    Is this not yet implemented? Perhaps I just misread what it *could* do at this point in time?

  4. Where is “http_build_query” defined at?

  5. Scatman Dan 12 years ago

    Sounds like you’re having difficulty with this PHP function:

    It only came in in PHP version 5. Sorry; forgot to check on that; will try to fix (or, at least, warn people about it) for the next version.

  6. Scatman Dan 12 years ago

    In an e-mail to duck1123:

    http_build_query comes with PHP5:

    If you’re having difficulty with it, you probably don’t have PHP5 installed on your server. I’m not sure what other problems you might have as a result of this (sorry: will try to fix this bug, among others for version 0.5).

    In the meantime, there’s a block of code at:

    Which you should be able to transplant into your openid.php file (minus the “”, of course), right after the:


    lines. Hopefully that’ll fix the problem.

    I’ll make sure the next version gets tested on PHP4!

  7. Daniel E. Renfer 12 years ago

    I was just about to post the same thing. About 20 minutes after I posted that, I did a search. I simply pasted the sample just below that, and it’s worked so far for me. Do you pass that function any complex arrays? If so, I’ll switch to the first one. You may want to consider including that function into your code for compatibility with PHP

  8. Daniel E. Renfer 12 years ago

    I was just about to post the same thing. About 20 minutes after I posted that, I did a search. I simply pasted the sample just below that, and it’s worked so far for me. Do you pass that function any complex arrays? If so, I’ll switch to the first one. You may want to consider including that function into your code for compatibility with PHP < 5. This is great, I’ve got to hand it to you. I’ve been waiting for OpenId to come to WordPress. I plan on sending you any code / modifications that I make. Feel free to use them.

    One idea so far: You should turn the code from ‘openidform.php’ into a function, that way it matches the way that WordPress uses template tags. If you want, I can whip up some code and send it to you.

  9. Scatman Dan 12 years ago

    I’d love to see any improvements you can come up with. Things to do include:

    * A few tweaks to the RegExs: e.g. LJ ids can include numbers, blah blah.
    * Need to do some tests on mannkind@livejournal’s problem, above.
    * Add that http_build_query PHP4 compatibility thing. No, I don’t use any complex arrays (by their definition) and by the OpenID spec, am never likely to, but I’d rather include the bigger, more powerful http_build_query for completeness (so that people feel able to use it as http_build_query if they need to).
    * Tarpitting to prevent it from being used to (slowly) DoS somebody (potentially possible ATM, if it’s hosted on a powerful server).
    * Make it into a WordPress module, for easy installation/config – don’t yet know how to do this; any help appreciated.
    * Support DH encryption between the consumer (me) and the server (OpenID holder). It’s in the OpenID spec as optional.
    * AJAX support (for faster, slicker, prettier logons, for those who support it).
    * Ability to easily make “friends only” posts, visible to only people with certain OpenIDs.
    * Ability to associate WordPress logins with OpenIDs, facilitating administrative login using OpenID.

    Etc. etc.

    I’m a busy guy, so any help you can give is much appreciated.

  10. Mannkind 12 years ago

    Any changes? How goes openid authentication? :) I checked, but still cannot use my openid server here :(

  11. damon 12 years ago

    this whole thing is quite cool and seems to be working properly (though I haven’t really tested it.. it just looks right).

    I’m really looking forward to authentication on other sites being implemented. is there any hope of it soon?

  12. marcusv@livejournal 12 years ago

    I’m able to login as a livejournal user on my wordpress blog, but it doesn’t seem to be allowing comments for livejournal. I’ve replaced the code as specified in ‘wp-comments-post.php’ but it doesn’t seem to make any effect. Any suggestions?

  13. VxJasonxV 12 years ago

    Did you break it? :(
    I can’t logon via OpenID nor LiveJournal.

    I always get “The site you just came from seems to want to verify an identity that you, as vxjasonxv, cannot provide.” on LJ’s error page.

  14. Scatman Dan 12 years ago


    You’ll get that LiveJournal error message if you enter a LiveJournal ID that you aren’t currently logged in at LiveJournal as. So, if your LiveJournal ID is “jasonv”, you must (a) be logged in at with that ID and (b) either (1) enter that ID exactly into the box or (2) enter your LiveJournal OpenID (i.e. or

    There are a few bugs in my module at the moment, mostly relating to logging in using IDs containing both letters and numbers or special characters, which I’ll fix in the next version. Have another go.

  15. weezeld@livejournal 12 years ago

    Here’s the problem that I’ve found so far:
    If I put the OpenIDForm into my sidebar, I can login and have it show me great. However, as soon as I got into an individual post to leave a comment, the sidebar no longer shows me as logged in. If I try to login again, it does, but kicks me back out to the main page (instead of the comment page).

    Maybe the session information isn’t being passed from the index.php (main) to the single.php (where the comments are).

    Any thoughts on that?

  16. weezeld@livejournal 12 years ago

    One suggestion would be to have the icon of the authentication type displayed next to the user’s name in the comments. I see that you’re saving the email as, since it’s kinda irrelevant with an OpenID authentication.

    Suppose you stored it as openid@, livejournal@, deadjournal@, etc. This way the email could be parsed and display the icon inline next to the name.

  17. Scatman Dan 12 years ago


    Yeah, it sounds like your problem is session-related. Double-check that session_register(“sess_openid_auth_code”); appears somewhere in the headers, or something. I like your suggestion about showing authentication types as an icon.

    I’ll dig up this project and finish it one of these days.

  18. weezeld@livejournal 12 years ago

    I’m trying to teach myself PHP so I can get into my themes and hacks a bit closer. I know enough now to have been able to point out the possible problem, and look for it, but not sure how to resolve it. :)

    You mention that session_register(”sess_openid_auth_code”); should appear in the header somewhere. That’s what takes the session variables from page to page correct? It’s not in either my index.php or my single.php. Is this something that WordPress inserts when the page is generated, or is that part of the theme, or is it part of your plugin?

    I looked at the default WordPress theme, and I don’t see it there either. Looking at your openid.php code I see the following two lines at the beginning:

    Then in my index.php head, I’ve got the following line as per your instruction:

    So by doing that it should be supporting it.

    Now, should that require_once also be part of single.php? Does declaring it in two places allow the session variables to be shared, or do they have to be passed between them somehow?

    Both index and single call out to sidebar.php in order to generate the sidebar info, and that’s where I have the code to display the login form.

    I’m glad you’re looking to finish up and polish this, as it doesn’t appear that anyone else is taking the lead to put something together. Have you considered turning it into a formal plugin? That way it can be activated and you can ensure that the require portions are written properly as well as rewriting the comment form. Then, the only involvement from the end user is to make the call to display the login form where they want it.

    FWIW, I’ve had about 7 or 8 tries at getting a comment to post here because of the security code. It’s difficult to read sometimes and appears that it is case sensitive.. Problems with distinguishing 0 or O. I’ve actually learned to copy my comment *before* submitting it, because after it’s invalid and you hit back, my browser loses everything I’ve typed. Happened twice to me (losing it), so now I can at least paste the comment and try again with a new code.

  19. weezeld@livejournal 12 years ago

    Ok, I found out a couple things. The way my theme was set up, there were separate index.php and single.php files, each with their own header information. Once I created a single header.php and put the include there, it made the session information available to both locations. So it is required to be included for any page which needs access to the session information.

    This *includes* the wp-comments-post.php file. If you do not include the openid.php script there, your modification to save that username instead never executes, because the value of the session is always blank.

    What I’m going to try and do is to modify the comments.php further, so that if you are logged in, you aren’t presented with the option of picking your name or email. Since it overwrites it anyway, why bother allowing the visitor to select it.

    I’m also going to try and mess with the icon display. Lastly, I want to find out how to use display names rather than the display. I’ll let you know on anything that I get working.

  20. Hi, I just logged in via my site,, and encountered a few gotchas you should be aware of:

    1) First I entered This failed with a “no openid server can be found” type message. I then tried and it worked. So it looks like the plugin is not normalizing the URL correctly.

    2) was presenting me a login page even though I was already authenticated there. odd. It turns out it was because the URL that wordpress was sending me to looks like:… ( truncated )

    Note that there are two “?”. After I changed the second “?” to an “&”, I was able to login okay.

    So it appears that the plugin is not properly checking for the existence of a query string in the openid.server URL.
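
Both problems reported in the comment above (an identifier that is not normalized before discovery, and a second “?” appended to an openid.server URL that already has a query string) can be handled as in the following added example. It is not code from the plugin: the function names and the example.* hosts are made up for illustration, while the openid.* fields are the standard OpenID 1.x checkid_setup parameters.

```php
<?php
// Added example: not code from the plugin. Function names are hypothetical.

/** Turn what the user typed into an absolute http(s) URL, or false. */
function openid_normalize_identifier($input)
{
    $url = trim($input);
    if ($url === '') {
        return false;
    }
    // "example.org/me" has no scheme: assume http before doing discovery.
    if (!preg_match('#^[a-z][a-z0-9+.\-]*://#i', $url)) {
        $url = 'http://' . $url;
    }
    $p = parse_url($url);
    if ($p === false || empty($p['host'])
        || !in_array(strtolower($p['scheme']), array('http', 'https'), true)) {
        return false; // refuse ftp://, file:// and other schemes
    }
    // Rebuild from parts: lower-case scheme and host, default path "/",
    // and drop any fragment or embedded credentials.
    $port  = isset($p['port'])  ? ':' . $p['port']  : '';
    $path  = isset($p['path'])  ? $p['path']        : '/';
    $query = isset($p['query']) ? '?' . $p['query'] : '';
    return strtolower($p['scheme']) . '://' . strtolower($p['host'])
         . $port . $path . $query;
}

/** Append OpenID parameters to a server URL that may already carry a query. */
function openid_build_redirect($serverUrl, array $params)
{
    // A fragment must not end up in front of the appended parameters.
    $hash = strpos($serverUrl, '#');
    if ($hash !== false) {
        $serverUrl = substr($serverUrl, 0, $hash);
    }
    if (strpos($serverUrl, '?') === false) {
        $sep = '?';                       // no query string yet
    } elseif (in_array(substr($serverUrl, -1), array('?', '&'), true)) {
        $sep = '';                        // already ends in a separator
    } else {
        $sep = '&';                       // extend the existing query string
    }
    return $serverUrl . $sep . http_build_query($params, '', '&');
}

// Constructed sample values; the example.* hosts are placeholders.
$claimed = openid_normalize_identifier('Example.ORG/dan');
$params = array(
    'openid.mode'       => 'checkid_setup',
    'openid.identity'   => $claimed,
    'openid.return_to'  => 'http://blog.example.com/?openid_return=1',
    'openid.trust_root' => 'http://blog.example.com/',
);
echo $claimed, "\n";
echo openid_build_redirect('http://id.example.net/server', $params), "\n";
echo openid_build_redirect('http://id.example.net/serverlogin?action=openid', $params), "\n";
```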

  21. Update:

    I’ve modified to use /server instead of /serverlogin?action=openid. So this helps with interoperability on that end. The old form still works however, in case you want to test it by manually pointing at that URL.

    On an unrelated matter, I notice that when logging into your blorg from the article page I am returned to the front page instead of the article page. Is that normal wordpress behavior?

  22. vxjasonxv@livejournal 12 years ago

    I was going to suggest the author check out the videntity libs. Looks like someone beat me to it :D.

    Another snafu. I notice that I’m vxjasonxv@livejournal
    This is wrong because I’m, but my identity is delegated to LiveJournal.
    However, my identity is supposed to be @livejournal ;).

  23. vxjasonxv@livejournal 12 years ago

    Garrrr, last line edit:
    My Identity is NOT supposed to be @livejournal.

  24. Hello! I’m having some problems with my OpenID. After I type in my livejournal id to wordpress and verify i get a 404 error.

    Any help would be great

  25. gbarber@livejournal 12 years ago

    Test reply

  26. Scatman Dan 12 years ago

    Please note: I’m now redeveloping this tool as a proper WordPress plugin. Watch this space.

  27. gbarber@livejournal 12 years ago


  28. Dan,

    I’m excited about the “proper” wordpress plugin! Any idea when it’ll be available?

    brianellin – at – gmail

  29. Have you found a decent way to integrate the login process into the comment form? Insofar as I can tell, WordPress didn’t make it very easy to extend authentication.

    I hacked together a WP plugin as well (admittedly a while back), based around creating actual WP users for each openid commenter. This has the added advantage of the built-in profile by which the user can change their display name. Kludge at

  30. No update?

  31. Hey y’all. I’ve successfully used this code on my site (PHP4) by including the workaround http-build-query function. A few things I encountered that may be helpful to you:

    -If you’re using the K2 style, you’ll have to make the same update to the comments-ajax.php file in the k2 directory as you did to the wp-comments-post.php file in the WP root. You’ll also have to update the comments.php file in the K2 directory so that it will display the commenting form if the user is logged in with OpenID.

    -I thought it might be nifty, if, when a user comments from LJ, their default userpic is displayed in place of a gravatar. I created a custom LJ style that does nothing but spit out the IMG tag for the default userpic, to make it easier to grab a user’s userpic. So if you parse an LJ commenter’s get_comment_author(), and grab their LJ name, you can use CURL to grab and then you’ll be able to display their userpic. For an example of this, see

  32. I’ve been having trouble with the code. I can get LJers to login and verify with LJ, but commenting doesn’t work and OpenID doesn’t either. I have trouble with the trust root for openIDers. I’m patiently awaiting your plugin. :)

  33. I’ve seen a lot of people talking about spreading OpenID, which is great, but as far as WP goes, everyone’s pointing to you, Scatman. WP 2.0 Release Candidate 3 came out last week, but unfortunately it didn’t integrate OpenID. So the pressure’s on!

    It took a lot of tries to log in here. Finally, by putting in my site, I got logged in as my identity on the server. Funny how trying my server id didn’t work.

  34. Thanks for putting work on this. It’s a great idea whose time has come. Is the plugin WP 2.0 Compliant yet?

    It would be nice if it was smart enough to add or remove the ‘http://’ part of the OpenID where appropriate. For example, I have to manually add it to login (on LJ I don’t). Also, When listing me in comments, it seems rather useless to include it for everyone and makes it more confusing.

  35. snaky_@livejournal 12 years ago

    I’ve just finished modified version of this plugin. You can download it from here.
    Main modifications:
    1. This is not a hack now.
    2. You can login from comments form.
    3. It works with PHP4.

    I’m sorry, there isn’t an English version of the page with description of this plugin. If it doesn’t work or you have any suggestions about it, just write me email to snaky[at]

  36. crschmidt@livejournal 12 years ago

    Pretty nifty, but it doesn’t deal with delegation properly: I signed in as, and it (as you can see) thinks I’m at

  37. Shame here.. I signed in as and it thinks I’m at
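
The delegation reports in comments 22, 23, 36 and 37 come down to which URL the consumer keeps as the user’s identity: in OpenID 1.x the page at the claimed URL names a server with a link rel="openid.server" and may name a different account with link rel="openid.delegate"; the delegate is what gets sent to the server, but the user is still known by the URL they typed. The following is an added example of that bookkeeping, not code from the plugin; the function names and the example.* hosts are assumptions.

```php
<?php
// Added example: not code from the plugin. Names are hypothetical.

/** Read openid.server / openid.delegate from the <head> of the claimed page. */
function openid_discover_from_html($claimedId, $html)
{
    if (trim($html) === '') {
        return false;
    }
    $prev = libxml_use_internal_errors(true); // tolerate sloppy real-world HTML
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $heads = $doc->getElementsByTagName('head');
    if ($heads->length === 0) {
        return false;
    }
    $found = array('openid.server' => '', 'openid.delegate' => '');
    // Only <link> elements inside <head> count; the first occurrence wins.
    foreach ($heads->item(0)->getElementsByTagName('link') as $link) {
        $rels = preg_split('/\s+/', strtolower(trim($link->getAttribute('rel'))));
        foreach (array_keys($found) as $rel) {
            if ($found[$rel] === '' && in_array($rel, $rels, true)) {
                $found[$rel] = trim($link->getAttribute('href'));
            }
        }
    }
    if ($found['openid.server'] === '') {
        return false; // not an OpenID 1.x identity page
    }
    return array(
        'claimed_id'      => $claimedId,               // what the user typed
        'server'          => $found['openid.server'],  // where to redirect
        'server_identity' => $found['openid.delegate'] !== ''
            ? $found['openid.delegate'] : $claimedId,  // sent as openid.identity
    );
}

/**
 * Call only after the server's signed response has been verified.
 * Returns the identity to store and display, or false on a mismatch.
 */
function openid_local_identity(array $disc, $assertedIdentity)
{
    if ($assertedIdentity !== $disc['server_identity']) {
        return false; // server vouched for a different URL than we asked about
    }
    return $disc['claimed_id']; // never the delegate
}

// Constructed sample page: example.org delegates to an account at example.net.
$html = '<html><head><title>Me</title>'
      . '<link rel="openid.server" href="http://id.example.net/server">'
      . '<link rel="openid.delegate" href="http://someone.example.net/">'
      . '</head><body>hello</body></html>';
$disc = openid_discover_from_html('http://example.org/', $html);
echo $disc['server_identity'], "\n";
echo openid_local_identity($disc, 'http://someone.example.net/'), "\n";
```

Note that PHP exposes the returned openid.identity parameter as $_GET['openid_identity'], because dots in incoming parameter names are converted to underscores.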

  38. 12 years ago

    Hmm… It likes me just fine..

  39. ilkosh@livejournal 12 years ago

    it seems not to work.
    i’ve done everything above, but nothing happens :-(

    you can see it at

  40. Makki 11 years ago

    Dead link for download

  41. Jenny 11 years ago

    ooo i cant wait. please hurry. i wanna use it!

  42. Ajay D'Souza 11 years ago

    Just a suggestion, instead of editing core WP files see if it is possible to edit theme files.

    WP2 allows you to create a functions.php which you can put whatever functions you need to code.

    In WP1.5 you can include the functions.php to the theme.

    If you need any help wrt themes you can contact me. I’m not an expert, but can help you as much as I can :)

  43. Rebecca 11 years ago

    This is great news Dan. Thank you for all the extra work in updating and moving this to WP 2.0 :)

  44. maxpower 11 years ago

    It’d be nice to know what OpenID actually does, over and above its features. What is the big picture, and what does openID actually do?


  45. Jeannie 11 years ago

    I see that WP v1.5 is required. Is that to say that is the minimum requirement, or that it will not work on 2.0? I see people have implemented it recently, but that doesn’t tell me if those people are running the latest version.

    I’d really love to try this out. If anyone could answer me so I don’t possibly *really* mess up my blog I’ll be forever grateful! Thanks!

  46. flavien 11 years ago

    Badly looking forward to the plugin for WP2 release!(best to include OpenID Server)

  47. rashid 11 years ago

    Oh god, I am so desperate for this plugin!

    By the way, is there no other way to delegate than in html? Since i want to put the code in wordpress’ index.php

  48. Dexter 11 years ago

    For some reason I am now getting the

    “The site you just came from seems to want to verify an identity that you, as dexterian, cannot provide.”

    As are all my other LJ Friends. I’m not sure as to why this is happening and I noticed it was meant to be fixed in this current release or has it not yet been fixed?

  49. Ferienhaus Mieten 11 years ago

    OpenID for wordpress is great. Thanks to Plugin Maker and helper!

  50. 0dot 11 years ago


  51. codian 11 years ago

    just test

  52. Znuff 11 years ago

    A more up2date version can be found here:

  53. Alex 11 years ago

    As a user, I’m a big fan of OpenID, Yadis, LID, G/PGP, etc. However, if I am not mistaken, WordPress producers desire authentication before submitting a comment to minimize spam. So what keeps any jerk from creating an identity at some distributed id-server and spamming freely? Perhaps someone will propose distributed karma points for identities, servers, and/or … oh dear no.

  54. 11 years ago

    I just get to know about OpenID. Great idea!

  55. Maxx 10 years ago


  56. HelloWorld 10 years ago

    Peace people

    We love you

  57. 10 years ago

    Just checking if it will work. :)

  58. Anonymous 10 years ago


  59. teplorod 10 years ago


  60. naisioxerloro 10 years ago

    Good design, who make it?

  61. Scatman Dan 10 years ago

    Design is mine. Background photo courtesy Christof Wittwer, used with permission.

  62. Statto 10 years ago

    JTA’s had the exact same comment: I assume it’s spam.

  63. punkito 9 years ago

    It’s pity

  64. raymond 9 years ago

    Testing openid

  65. Lueng 9 years ago

    Not download!

  66. piri 9 years ago