{"id":89113,"date":"2012-07-27T11:00:13","date_gmt":"2012-07-27T15:00:13","guid":{"rendered":"http:\/\/wpmu.org\/?p=89113"},"modified":"2012-07-25T22:54:46","modified_gmt":"2012-07-26T02:54:46","slug":"wordpress-browserid","status":"publish","type":"post","link":"https:\/\/wpmudev.com\/blog\/wordpress-browserid\/","title":{"rendered":"Secure WordPress Logins with Mozilla’s Persona (BrowserID)"},"content":{"rendered":"

The Mozilla Persona (BrowserID) plugin<\/a>\u00a0allows you to login to WordPress websites without entering a password. You can use any number of email addresses to login to any number of WordPress sites.<\/p>\n

WordPress registrations aren’t handled by the plugin, only logins.<\/em><\/p>\n

BrowserID Example, with Screenshots<\/h2>\n

Mozilla Persona is simple. You tell Persona what your WordPress user account email address is; Persona sends you an email to verify you own that address; and it logs you in as the WordPress user associated with that email address. Here it is in action…<\/p>\n

Step 1<\/h3>\n

Install and Activate the BrowserID plugin<\/a>.<\/p>\n

Step 2 (optional)<\/h3>\n

Customize the plugin’s settings. If you skip this step, the default settings will be used,\u00a0shown in these screenshots.<\/p>\n

\"Post
The BrowserID plugin’s wp-admin settings<\/figcaption><\/figure>\n

Step 3<\/h3>\n

Logout and go back to the Login page to see the Mozilla Persona “Sign in” button.<\/p>\n

\"Post
Mozilla Persona (BrowserID) on WordPress Login Page<\/figcaption><\/figure>\n\n

Step 4<\/h3>\n

Click “Sign in” to bring up the Persona login window.<\/p>\n

\"Post
WordPress Mozilla Persona Login pop-up<\/figcaption><\/figure>\n

Step 5<\/h3>\n

Enter the email address of your wp-admin user account. When prompted, create a password for your Mozilla Persona (BrowserID) account. Then you’ll receive an email at that address to verify you own it. Leave the Persona pop-up window open while you click the email verification link and the pop-up window will close a second later and automatically log you in.<\/p>\n

\"Post<\/a>
Click the link to verify your ownership of this email address and your intent to use it to sign in to the specified website<\/figcaption><\/figure>\n

Multiple email addresses, Multiple websites to login to<\/h2>\n

If you have more than one blog to login to but use different email addresses, you can add additional email addresses to the same Persona account<\/strong> while using the same\u00a0Mozilla Persona password you created before. This avoids having multiple Persona accounts to keep track of.<\/p>\n

How does Mozilla Persona work?<\/h2>\n

“Mozilla Persona (BrowserID)” uses its own secure website (not your WordPress website) as the sign-in server. It keeps you logged in with browser cookies (like your WordPress site does). If you clear your browser cookies, you’ll be signed out of BrowserID.<\/p>\n

If you’re signed in to BrowserID, you won’t need to enter a password to login to your WordPress sites.<\/strong> You sign in once to Persona (per web browser, since each browser has its own set of cookies) and then you can sign in to any of your WordPress sites, or any other site that supports BrowserID.<\/p>\n

Tip to make sure you use a single Persona account<\/h3>\n

If you’re signed out of BrowserID and try using it to login to a site you haven’t setup before (e.g. WordPress user email is ‘second@email.com’), I suggest trying to login with your BrowserID email (e.g. ‘first@email.com’) even though you know there’s no WP user with that email address. That way, you’ll be signed in to BrowserID and get a message that your login to the WP site was unsuccessful. Then you can try signing in again and you’ll see the “Add another email” button on the Persona pop-up, and you can go from there. Doing this will ensure you don’t create separate Persona accounts for each email address; thus, you’ll have multiple email addresses to choose from but only need to remember a single Persona account password.<\/p>\n

Alternatively, if you don’t want to attempt logging in with this wrong email address, you could just navigate to the Persona account website<\/a>, add an email address there, and then sign into your website.<\/p>\n

BrowserID compared to other 3rd party login solutions<\/h2>\n

Facebook<\/h3>\n

The BrowserID solution is very similar to the blue Facebook “Log In” button we see on many sites. However, you don’t need to create a separate Facebook app for each of your WordPress websites.<\/p>\n

WP Engine’s\u00a0MixBoardPortalPanelPress<\/h3>\n

I previously discussed WP Engine’s\u00a0MixBoardPortalPanelPress<\/a>, a free “portal” to register your WP sites. It’s designed for you to have a single place to login — if you need to login to any one of your sites, just login to the WP Engine Portal (with either Facebook or Twitter) and then you can click to be automatically logged in.<\/p>\n

The WP Engine Portal is a different approach. If you like having one URL to go to where you can one-click-sign-in to all your sites, WP Engine Portal is probably for you. However, it’s only able to tie to a single WP user per site. Only one user can use WP Engine Portal to sign in because, in the plugin’s settings, you have to tell the plugin which user to log you in as when you come from the Portal.<\/p>\n

BrowserID enables multiple users to sign in securely, since WordPress doesn’t allow accounts with duplicate email addresses.<\/p>\n

\"Post
WordPress won’t allow duplicate email addresses<\/figcaption><\/figure>\n

If you have multiple users that are all just you with different permissions for testing, you could easily use BrowserID to specify which user to sign in as, based on which email address you tell Mozilla Persona to sign you in as. Unrelated to the BrowserID plugin, I’d also recommend the User Switching plugin<\/a> if you have this sort of setup.<\/p>\n

Mozilla Persona (BrowserID) resources<\/h2>\n

For more details about Mozilla Persona (BrowserID), visit:<\/p>\n