Staying on the cutting edge: OpenID for bloggers

Posted By Darren Rowse 9th of March 2008 Miscellaneous Blog Tips 0 Comments

The following post on OpenID was submitted by Yung Chin from YC’s Ramblings.

openid_big_logo.pngUndoubtedly you’ve seen the icon shown here appear in the comments section of many Blogger, WordPress, LiveJournal, and MovableType blogs recently. What it means: “this site is OpenID enabled”. In case you’ve missed all the news buzz on it, OpenID is the up-and-coming universal login technology, bound to become as ubiquitous as email.

While that sounds like future-talk, let me convince you that for blogging specifically, it makes a lot of sense to start using OpenID today. In short: your comments on others’ blogs will look more professional, having your verified signature, and you can offer that same convenience to your visitors, while also keeping commenting on your blog easy.

What it does

I’ll skip telling you what OpenID does in general – here’s a scenario specific to the context of blogging: visitors that want to comment on your blog can use the address of their own blog to verify their identity.

  • your visitors enter their comment and their blog address
  • your blog server connects to their blog server
  • their own blog server checks that it’s really them (by login)
  • their blog server confirms this to your blog server
  • their comment gets a confirmed link back to their own blog

See how convenient this is? You only ever have to login at your own blog, and you’re automatically allowed to comment on any other OpenID-enabled blog. For an illustrated introduction, there are walk-throughs at eg. Blogger and WordPress.

Just to be clear, you won’t replace your regular commenting system. OpenID login is merely an optional convenience you’re adding. Oh and, although I’m focusing on bloggers, commenting also gets more convenient for visitors who don’t blog but do have an OpenID.


By now you may be wondering how relevant the whole OpenID thing is. If its support in Blogger, WordPress, LiveJournal, and MovableType (in that interview by Darren, Anil Dash puts it among their top ten features!) isn’t convincing enough, recent coverage at eg., BBC News, and ITBusinessEdge will tell you that all the biggest players in the web services space are on top of it, including Yahoo, Google, and AOL. What’s best is that the OpenID foundation is a non-profit that ensures the technology is freely available to anyone – including you.

OpenID keeps you out of the spam filter

Spam blocking firm Defensio suggest that your use of OpenID may simplify comment spam filtering. Here’s the idea: if you consistently use your OpenID to comment on blogs, spam filters like Defensio’s will learn that you don’t spam people. Thus, your contributions will never be accidentally marked as spam. And as a blog host, you can be a bit less worried that valuable contributions from your readers got stuck in your backlog of spam awaiting moderation. Saves you work!

Signed communications: a professional touch

Put in other words, OpenID allows you to tell another blogger “it’s really me, the author of (insert your blog), commenting here”, because indeed you can prove to them that you are the owner of your blog. I think that’s the closest thing to an official signature that the blogging world has yet seen.

If blogging is your profession, doesn’t it make a lot of sense to be professional in your communications, to actually sign the messages you leave on other blogs, and to more officially say “I’m backing my statements”? So now you can.

Make leaving comments smoother than ever

Let’s recap all this. Why was requiring a login annoying for your readers? They’d have to create a new account, and then remember that later on. So now you don’t require logins, but use aggressive spam filtering instead. As a result, many comments go into a moderation queue.

When you give visitors the option to use their OpenID, they won’t need to create an account and logins are mostly automatic, while they’ll still get the benefit of being recognized by the spam filter. In addition, you’re giving them the opportunity to come across more professionally, in the same way other bloggers are offering that to you.

Getting set up

The little technicalities of setting your blog up for OpenID of course depend on your blogging platform. All I’ll say is that it is typically rather simple – see eg. this description of installing a WordPress plugin.

If your blog is hosted by one of the big blog providers, you’re probably only a click in the configuration panel away of getting it going. If you host your blog yourself, a query for OpenID on the help pages of your favourite blogging platform should get you a long way. Short of that, here are some links into the OpenID community. And do ask questions, too!

In closing

OpenID as a technology provides much more than I could show you here. In some other context, it might for example make sense to use not your blog but your Flickr account as your OpenID to say “I really own these photos”. So in case you thought you’d just learned everything: it was really only the start. Have lots of fun!

About Darren Rowse
Darren Rowse is the founder and editor of ProBlogger Blog Tips and Digital Photography School. Learn more about him here and connect with him on Twitter, Facebook, Google+ and LinkedIn.
  1. I jumped on the Openid boat a while back. It’s a lot better than signing up for every site and trying to remember every password or even if you have an account.

  2. I’ve been thinking about this a lot lately, and I need to look into it closer. The idea is intriguing, but I’m a little unsure about the whole OpenID thing.

  3. Is there some plugin for self-hosted WordPress blogs you can use or do you have to do the programming yourself?


  4. I investigated openID myself recently. I wanted to use it with my 37signals apps. It is definitely convenient, but that convenience may come with some risk. There are plenty of critics to the whole openID movement. I summed up my investigation here:

  5. Nice post, and timely for my purposes. I was just starting to notice the expansion of OpenID, and not sure what it meant. I’ll be thinking about adding this to my own blog now.

  6. After OpenID has been around for a while perhaps a comparison of total amount of comments with OpenID to a blog without OpenID.

    I am also wondering about comment systems such as IntenseDebate. I just added it to my blog, but I do not know if it was a good decision. (My blog is new. I figured I could take the chance.)

  7. I tried using OpenID a year ago, didn’t like it, and went back to regular ol’ commenting. You don’t get the chance to link back to your site on your id if you’re using OpenID, which is often the incentive for most folks to comment.

    A year old isn’t so “cutting edge”.

  8. @ Andreas, there’s a few WP plugins out there. Here’s one (haven’t tried it myself, but have heard it’s pretty good)

    I’m personally not a big fan of open ID. It’s good in theory, but its a huge security risk.

  9. Hi all,

    @Andreas: see the link Jeremy posted above – that plugin is for comments on your blog. To be able to comment yourself, you’d need eg.

    @Chris: note that the guy you’re quoting in your blog post isn’t an independent academic – he’s also employed by a company specialised in authentication.

    Having said that, you’re right that there are some security issues to be aware of – but not in the context of blog commenting… I think the advice in the WordPress guide is all you need to remember:

    “If you try to use OpenID while you aren’t signed in to, you’ll get the following message: [You need to sign-in]
    The page does not contain a login form or links; instead it encourages you to browse to using a bookmark. This is to protect you from phishing; a bad site might try to send you to an imitation of and steal your password.”

    @Matt: the yadis plugin I just mentioned allows you to use your site address as your ID. And, yes, that’s true ;)

  10. Great post. I have started to moderate comments as some scumbug spammers are intruding my blog.

  11. I am not a big fan using open id though, while it is widely available at my blog, i guess the normal way to post is enough.

  12. If anyone with a blog can make their own blog login an OpenID and any spammer can start a blog (I think we have ample evidence of that), is letting OpenID past the spam filters really such a good idea?

  13. Like any technology, there are are going to be good and bad points. I appreciate the security and phishing concerns people have raised, but I think the benefits outweigh the risks if the consumers take normal precautions. Vendors also have been adding their own security measures such as Verisign’s seatbelt. extension for Firefox. I think there is a lot of good info in this podcast:

  14. I hate it. I see the comment I like, click name and it takes me to openID’s page instead of comenteer’s blog. So I have to click again. And i know it does the same when I comment. Beside that, what about people that have more than one blog and change them accordingly to the post they comment on?

  15. I can definitely say I haven’t heard of this. But then, I’ve only been blogging for 3 weeks now. I’ll be going to WordPress right away to get the plugin.

    Definitely an excellent idea for the user and the blogger!

  16. Hi again! Whoohoo, wish I got as many comments on my own blog :)

    Well, you don’t even need a blog to get an OpenID… it’s as easy to get one as to get a free email address.
    The point is that OpenID *proves* to the spam filter that you’re the same person that left a comment a previous time (could even be on another blog). So once you’ve been marked as “not spam” one time, the spam filter can always let you through.

    Thanks, exactly my thoughts. I’d worry if my bank started using OpenID, but for blog commenting the benefits certainly outweigh the risks.

    This is the point I tried to make in the conclusion, but it’s a bit hard to explain it clearly, so give me a second chance:

    Although people usually sell OpenID as a single login for the whole internet, that’s only the simplest way to use it. In fact, OpenID allows you to use *any* website you own as a sign-on (you need to put a special XML tag on the website). What happens then is this:
    * you use your blog address to leave a comment (use any of your multiple blog addresses)
    * the website goes to check on your blog address and finds the XML tag, which sends it to your OpenID provider
    * you get authenticated.

    So, in my case, I have a personal blog at WordPress, and a blog about Linux, and I use whichever address is more appropriate when I comment somewhere. Both addresses connect me to the same OpenID provider (in this case, that’s also WP).

    See also the yadis plugin I mentioned in my earlier comment.

  17. An addition to the comment above: the name for this type of redirection is “OpenID delegation”.

    Plus note to self: tell Darren that he misspelled my name :)

  18. I recently got to know about OpenID. But still I was really not into it. The information that you have provided has really encouraged me to open an account. This is certainly a new technology and I guess will be helpful for bloggers like me. Thanks again.

  19. This is a good idea but does it work for forum?

  20. Good post and enlighten the information and given a good glimpse of open id.

    Thank you.

    Does it help spammers in any way ?

  21. Hi there,

    Thanks for cluing me in about OpenID. At the moment it interests me more as a surfer than a blogger in that I’d like to save time and energy when surfing the web. As a blogger I’m not sure that I want to make people log-in to my account in order to leave a comment. Of course, if the technology takes off and this becomes standard then that won’t be an issue.

    I’m curious, though, how it works with online profiles. Online profiles can help one market their site. If I sign up using OpenID will I still be able to personalize my profile – or does it default to my OpenID profile? If using an OpenID URL exactly like setting up my own account at a website, just a different log-in procedure or are there other differences?

    With that said, I went and did some research after reading your post and put together some of the best video tutorials I could find on OpenID. They include a couple of tutorials on how to get started using OpenID, one on how to use the WP-OpenID WordPress Plugin and another one on some of the benefits of OpenID.

    At the end I through in a talk given at Google by a man named Simon Willison called the Implications of OpenID. This video is only for those who really want to delve further into this technology as it’s almost an hour long – but it’s there for those who are interested.

    You can read the post here:

  22. I love OpenID. My blog address is my OpenID.

    ” your comments on others’ blogs will look more professional, having your verified signature”

    So when will ProBlogger offen OpenID so that I don’t have to fill out this form each time I want to leave a comment?

  23. Interesting, I have seen these the last couple of months and was wondering what they were.. I might give it a try thx for the tip

  24. Now wordpress bloggers can use OpenID with plugins. Bloggers can find bunch of plugins. I found a bunch of openId plugins in wordpress plugin directory.

    and more..

  25. ok, while yungchin makes it sound so simple, attractive and professional (really?), we have to admit that this technology is still new and whatever technology is new on the net, it has a lot of security risks associated with it. It might be easy to get excited using it, but is it worthwhile yet? NO, you will not say yes unless and until we see its progress in the incoming years..

    – Wakish –

  26. Hi, chiming in again to pick up on a few questions…

    Yes, it does, but you’ll need some other plugins :)

    The situation for spammers doesn’t get better or worse – as I said, getting an OpenID is as easy as getting an email address. The improvement is that nobody can impersonate you when commenting, so spam filter false-positives will be reduced.

    Search Marketing Courses (is that your christian name? ;)):
    My suggestion is to provide OpenID sign-on optionally. You’re right, it makes sense not to force people to sign-on just for commenting.
    Your profiles should remain completely flexible.
    The videos look like an interesting collection, I’ll check them out tonight!

    No idea :) The same thing with… while they do provide me with an OpenID, it’s only one-way traffic for now :(

  27. Hi Wakish, I just commented but it got stuck in the moderation queue (you see? *That* could be a thing of the past!). There’s already been some discussion in the comments about security risks – do you have other concerns? YC

  28. Yungchin, thanks for the explanation. I gotta play a bit with that possibility.

  29. I would like to add that openID is not something new.

    I heard about it several years ago and came close to placing it on a website back then. I chose to go in a different direction.

    The technology is largely worked out. The security issues for bloggers isn’t that big of a deal because its all about comments.. no posting (at least yet).

    My problem with openID for blogs is the question, why? I can’t figure out a good reason to implement it on to any of my blogs besides the “cool” and “cutting edge” factor.

    Is filling out those forms that big of a hassle? Many blogs (like problogger) even have plugins that actually remember your information anyway..

    Now what would be cool and I could see it happening is if the openID platform had a way of remembering all of your comments and posts from around the net and then being able to display it in a sidebar or a social networking profile.

  30. OpenID makes commenting in blogs a lot more easier. It definitely helps blogspot users like me! Thanks for the elaborate post.

  31. So, when will get OpenID support?

  32. Tuning in again…

    Thanks for returning!

    Very true, it’s not new. But only now is it becoming news (see the dates on the news items I linked to – only up to a month old).
    Your idea is indeed cool, and it doesn’t sound infeasible – worth suggesting for the next version of the protocol!
    Filling out the forms isn’t too big a hassle, but why have any hassle at all if it could be automated? Plus, you get the benefit that your fellow bloggers can be sure comments really came from you (horror scenario: some random guy recommending a malware-containing site to them using your name and blog address to appear legitimate).

    (PS: I decided to get a more permanent URL)