[Plugin: WP-OpenID] OpenID overrides website in profile?

  • Greetings,

    I want to use OpenID to login to my self-hosted WordPress blog, as my host does not support SSL, and I feel a bit iffy about sending login data over the internet in the clear. VeriSign’s PIP OpenID service supports SSL and certificate-based logins, so I’d ideally like to use that.

    I installed and configured the WP-OpenID plugin, and things seem to work as expected with one exception: the OpenID URL (in my case, it’s [username].pip.verisignlabs.com) overrides the existing website in my user profile.

    This is a Bad Thing, as I don’t want to include this URL in comments I post. It’s not because the OpenID URL contains sensitive information (it doesn’t — there’s no publicly-viewable information there at all), but simply because I’d rather include a URL that points to my actual website, rather than to my OpenID URL.

    Is there any way to setup WP-OpenID simply for logging in to the administrative interface of my blog? At the very least, is it possible to not have WP-OpenID override the website in my profile?

Viewing 3 replies - 1 through 3 (of 3 total)

  • You can add a link elements to your homepage’s header:

    <link rel="openid.delegate" href="[username].pip.verisignlabs.com" />

    That ought to do do it with a redirect. ??

    overriding the profile URL is designed to prevent someone from spoofing a comment as someone else. The current version of the plugin (v3.0) does include an OpenID provider now, so you should be able to simply set your own site as a verified OpenID, and then set it as your profile URL.

    This is crazy.

    I don’t understand how forcing a profile URL prevents spoofing. It is one thing for me to use my gmail identity to access WordPress. It is another to require me to make my openID my URL.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘[Plugin: WP-OpenID] OpenID overrides website in profile?’ is closed to new replies.