WordPress OpenID v3.3

I’ve finally gone ahead and released version 3.3 of the WordPress OpenID plugin. This release includes three major sets of changes. First, it drops support for older versions of WordPress… the minimum required version is now 2.8. Trying to maintain backwards compatibility requires a non-trivial amount of effort, and I’d rather spend that time working on new features. It also cleans up the code a fair bit, which I always like. It also drops support for two experimental OpenID extensions known as EAUT and IDIB. EAUT is effectively being replaced by WebFinger, and IDIB never got too much traction. Either could still be added pretty simply by another plugin if people still want them.

Second, this release features a new user interface for integrating OpenID into the WordPress comment form. Instead of simply advertising OpenID support on the “Website” field, and always attempting OpenID authentication, the plugin now detects OpenID support for a URL, and gives the user the option to authenticate the comment. This provides a cleaner, less obtrusive interface that should work on almost all themes. It also gives the user the option to not authenticate that particular comment if they don’t want to (particularly useful if you’re on a mobile device or in a hurry and don’t want to mess with OpenID). Feel free to try it out on this post if you want. You really don’t even have to submit the comment to see it in action… just enter a valid OpenID URL for the website field, and move focus somewhere else (i.e., click in the comment box like you’re going to type a comment). There is currently no option to revert to the old style of comment form integration, so hopefully folks will like this new UI. If you really don’t like it, you always have the option of turning off comment form integration and modifying your theme to your heart’s content.

Finally, this release includes a lot of minor bug fixes that people have been complaining about (sorry it took so long). I’m sure I didn’t get to all of them, so please let me know what I missed, and I’ll try to do more regular minor releases with these smaller fixes.

I’ll additionally note that working on WordPress plugins is no longer part of my day job, so I currently work on them rather sporadically as I have time. The changes in this release have been developed a few hours at a time over the last couple of months. I’ve been running trunk here on my site for quite some time and haven’t had problems, but you never know. Please use the DiSo issue tracker to report any new bugs, or to remind me of existing tickets that are still not fixed in this release.

Comments and responses


First of all, thank you for the release. I am one of the many that have asked, many times, to get OpenID as part of the WordPress core. I consider this important, and a good replacement for the current WordPress login mechanism. Yet, I have gotten much resistance from wordpress.org.

Perhaps as the main developer of this plugin you could weigh in and endorse the inclusion of OpenID as part of the WordPress core. Perhaps they will listen to you.

I’d say, add a title to your comment and make it into a post! It’s good reading.

Thank you for your work on WP OpenID,



Why do Google Apps OpenIDs (e.g., username@gmail.com or justinc@olliatauburn.com, a Google Apps Education Edition hosted account) not work at this site and at my test site where I have OpenID 3.3.1/WordPress 2.8.2 installed?

justinc@olliatauburn.com and other olliatauburn.org email addresses work as OpenIDs at this demo/test site http://rails-authlogic-rpx-sample.heroku.com/user_sessions/new and username@gamail.com works there, too, when Google is selected as the provider.

I'm hoping to give members of OLLI a single hosted Google Apps account and have them use their OLLI Gmail email addresses as their OpenIDs for our WordPress blog.

Thanks for any guidance/help.

  • Tom
Tom: why don't they work? Because email addresses are not OpenIDs. Google defined their own custom discovery protocol for Google Apps. RPX, which the demo site you linked to is using, implements Google's discovery protocol so it works on any RPX sites. Because this is not a standard discovery protocol, but is instead a vendor-specific option, I will not be adding support for it to the OpenID WordPress plugin. An additional plugin should probably be able to do so however without too much trouble... I'll have to double check if the appropriate hooks are present, and add them if not.

Nice work Will, thanks for keeping this up!

Something I'm going to need in the near future is for BuddyPress to be an OpenID producer with profiles, not blogs, as the endpoints.

You and I talked at IIW about how it might be nice to make WordPress "profiles" (/author/willnorris) serve as OpenID endpoints in this plugin. If I end up implementing the BuddyPress profile endpoints, I'll see if I can make the system abstract enough so that arbitrary system URLs can serve as endpoints, and then maybe we can get standalone/MU WordPress profiles as endpoints as well.

Let me know if you have any thoughts on this.


wordpress Could not discover an OpenID identity server endpoint at the url: user@gmail.com

Big integer support is on. I have no idea why it's not working, I know read that people use URLs to register an OpenID... As I see in the plugin's details, the addon acts as a server and can provide registration of an OpenID, right? And they can register through their e-mail, correct?

Just wanted to let you know that the "author homepage"-link in the wordpress plugin directory for open id is broken.


Do you know if your plugin is working for the last release of Wordpress? 2.9

I didn't get it, how can I authenticate my comments with OpenID?

Should I use OpenID URL in place of email? I tried it but I got an error...

Hey Will -

Hope the holiday season is treating you right!

I've been having problems with my provider, kind of like "admin" above. Getting error "Could not discover an OpenID identity server endpoint at the url: http://michaelgracie.com" and have found Blogger and a couple of other Wordpress sites can't verify it either. XRDS-Simple is in place, the links show in source, and /author/... point to the server.

I can't be sure whether this started sometime during an OpenID upgrade, when I moved to 2.9, or when I started using WP-Super Cache, but those are the only changes that have happened.

Any thoughts would be appreciated.



Please disregard the last comment - it was WP-Super Cache causing the problem. I found this, which fixed it: http://code.google.com/p/diso/issues/detail?id=153

I "didn't get it" either. It's a bit non-obvious. You have to enter your openid url in the "Website" field and then the "Authenticate this comment using OpenID." message appears.

That also makes the Name/Email required markers incorrect...maybe.

There is a bug in plugin (OpenID v3.3.3) in file wp-content/plugins/openid/common.php on line 543.


echo '{ valid:' . ( is_url_openid( $_REQUEST['url'] ) ? 'true' : 'false' ) . ', nonce:"' . wp_create_nonce('openid_ajax') . '" }';


echo '{ "valid":' . ( is_url_openid( $_REQUEST['url'] ) ? 'true' : 'false' ) . ', "nonce":"' . wp_create_nonce('openid_ajax') . '" }';

otherwise when you try to enter an OpenID URL you get "errorparse" and the checkbox doesn't appear.
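
Added example (not code from the plugin or from the commenter): why the unquoted-key response in the comment above is rejected by a strict JSON parser, and why a serializer is safer than string concatenation even after the keys are quoted. The function names and sample values are constructed for illustration; in PHP the corresponding serializer is `json_encode()`.

```javascript
// Constructed sample value; the real one comes from wp_create_nonce('openid_ajax').
const SAMPLE_NONCE = 'a1b2c3d4e5';

// Body shaped like the output of the first line quoted in the comment
// (object keys are not quoted, so this is not valid JSON).
function legacyResponse(valid, nonce) {
  return '{ valid:' + (valid ? 'true' : 'false') + ', nonce:"' + nonce + '" }';
}

// Body shaped like the commenter's corrected line (keys quoted, value
// still concatenated into the string without escaping).
function quotedResponse(valid, nonce) {
  return '{ "valid":' + (valid ? 'true' : 'false') + ', "nonce":"' + nonce + '" }';
}

// Serializer-built body: quoting and escaping are handled by JSON.stringify.
function serializedResponse(valid, nonce) {
  return JSON.stringify({ valid: Boolean(valid), nonce: String(nonce) });
}

// Strict parse, as a client expecting a JSON response would do.
function tryParse(body) {
  try {
    return { ok: true, value: JSON.parse(body) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Unquoted keys: strict parsing fails, so the client never sees "valid".
const legacy = tryParse(legacyResponse(true, SAMPLE_NONCE));

// Quoted keys: parses, as long as the value contains nothing that needs escaping.
const quoted = tryParse(quotedResponse(true, SAMPLE_NONCE));

// Hypothetical value containing a double quote: concatenation breaks,
// the serializer escapes it and the value round-trips unchanged.
const AWKWARD = 'ab"cd';
const quotedAwkward = tryParse(quotedResponse(true, AWKWARD));
const serializedAwkward = tryParse(serializedResponse(true, AWKWARD));

console.log({ legacy, quoted, quotedAwkward, serializedAwkward });
```
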


I am using wordpress 3.1.3 and the openID checkbox never appears on the comments section. I did notice the jQuery(function(){ add_openid_to_comment_form('http://domain.com/wptr/index.php', 'xxxxxxxxxx') }) appear, but the tags generated by this is probably in the wrong section.

As far as I can see, with current Wordpress (and that apparently includes your own site) the latest version of the plugin no longer works. Not to mention that it hasn't been developed for over a year.

Is there any chance this will be fixed, or should everyone look for alternatives? I'm afraid while there are several viable alternatives, they all create user records rather than just post identified comments, which I find unacceptable.