Using Your Wordpress Site As An OpenID Provider

In looking to try out yet another social service this weekend, I was presented with the following choices for login:

I never liked the idea of letting one of the major brands own my web identity so I’ve always set up a new ID on every site I’ve every gone to. As a result, I manage over 96 primary passwords and another 152 old or less used passwords, all different. This is crazy, of course, so I finally decided to look into OpenID since it was offered in this case.

The way OpenID works is that you set up your identity an OpenID provider and allow websites that you are attempting to use to use a URI (web link) specific to your identity to communicate to that provider and verify that you are who you say you are. OpenID isn’t used a ton of places yet but the list is growing.

You can get an OpenID from several well known providers and many web users already have one without realizing it. Google, Yahoo, MySpace, Facebook, etc. all have OpenID providers that your login with them can be used through. However, the geek in me was most interested in setting up my own.

Since this blog site is self-hosted and runs off a convenient domain name that I can easily associate with my OpenID, I figured it would be a great place to run my OpenID service and host my identity. Luckily for me, most of the work necessary to set this up has been done before and is laid out in what seems to be the definitive web reference on rolling your own provider, by Sam Ruby.

I won’t go into all the detail unless anyone has questions but here are some of this high points, including some tips for doing this on a Wordpress site that aren’t covered by Sam’s reference.

  1. The most commonly use PHP code for running a PHP OpenID provider of your own, is at: It consists of two PHP files that you add to your site that do most of the work. It also includes a detailed README that outlines the specifics of what you’ll need to do beyond what Sam has described.
  2. Once you have the phpMyID.php and the phpMyID.config.php in hand, you fiddle with the config to set up your username/password hash, to start.
  3. In order to get the username/password hash you’ll need to run an MD5 has function on it. Unix users have built-in options for this but I had to go get it from: Since this is security that we are into I reviewed the source and built my own EXE to do the hash. Once you have the hash you add it and the user name into the config.
  4. I did some of what Sam suggests to clean up the URI by sticking these files in a subdirectory can ID and renaming the config to index.php. In doing that you no longer have to reference the particular PHP source as the ID URI and my ID is instead: 
  5. For the final steps to get this working, some specific to Wordpress, I had to do the following:
    • I did have to modify the .htaccess to include one of the "RewriteCond" options included with the phpMyID code. The first option worked and allowed 3rd party sites to access my server correctly.
    • The second thing I did was to get this Wordpress plug-in( and set it up on my site. In order to insert the "link" tags in the HTML of my site I was looking at either hacking my Wordpress install, writing my own plugin or addition to the Wordpress PHP, or just using this plug-in which basically takes care of it for you.
Once those steps were complete my OpenID service and ID were online and usable. I used it to login to the crowd-source Q/A test site set up by @ChrisPirillo and was off and running. (His site is

Previous Entry: RFI: PC and Mac Based Virtualization
Next Entry: Extending SaaS Platforms With Azure

    leave a reply

      Name (required)
      Email (never displayed)