Twitter Connect for WordPress
The latest version of Twit Connect allows any blog owner to self-host the entire oAuth connection process. The plugin now works just like Facebook Connect.
- Install the plugin.
- Register your blog on Twitter.com and retrieve your Consumer Key and Consumer Secret.
- Plug those items into Twit Connect’s configuration page and you will have a complete and independent oAuth application.
When your readers want to comment on a post, they’ll simply click on a button and provide their Twitter credentials to identify themselves. You’ll also see their Twitter avatar alongside the comments if you’ve setup avatar support on your blog.
I’ve left the option to continue to pass the oAuth process onto me, so you don’t have to register your blog with Twitter.
This version also sports a choice of two different buttons, the new button is from Peter Denton’s “Signin with Twitter” button set.
You may notice that I haven’t implemented the “Sign in with Twitter” process. I will add that functionality later, however, I would like to spend more time testing that feature first. Although it has been reported as a “game changer,” leaving that piece out for now does not significantly change process flow.
Filling out the Twitter Application Form
The Twitter form was designed for applications, but it can work for your blog too. Please see the example below:
Some Caveats
Although I’m a big fan of the Twitter oAuth process and I’m really pleased with this plugin,I recognize that there are still things to consider when implementing this type of technology:
- An evil blog owner could capture a user’s oAuth token and secret and read private messages or add unauthorized tweets (if write access is granted).
- A compromised blog could send a user’s oAuth token and secret to a hacker’s site.
- A completely bogus blog could be setup to simply capture oAuth login information.
With oAuth, we’ve at least eliminated the need for a user to provide a password. This is important since we know many users use the same password across multiple applications. It doesn’t, however, make the process completely foolproof and users will need to continue to watch the urls in their browsers and make sure they are signing into legitimate applications.
As always, education is an important part of this technology. Luckily, we have a great forum for providing that education.
Reference Lookup: Dictionary, Thesaurus, Encyclopedia, & More
powered by PostRef
swhitley (Shannon Whitley) said,
Wrote on April 21, 2009 @ 12:09 pm
Twitter Comment
RT @me: Twitter Connect for WordPress (new release) – [link to post]
– Posted using Chat Catcher
jangles (Neville Hobson) said,
Wrote on April 21, 2009 @ 1:52 pm
Twitter Comment
Installing updated Twitter Connect for WordPress, choice to use OAuth. [link to post]
– Posted using Chat Catcher
jangles (Neville Hobson) said,
Wrote on April 22, 2009 @ 3:05 am
Twitter Comment
@patrickaltoft did you see that @swhitley added some essential help re how to reg with Twitter? [link to post]
– Posted using Chat Catcher
Lance Taylor said,
Wrote on April 24, 2009 @ 9:02 am
do you have the avatars working yet?
Vinko T. said,
Wrote on April 25, 2009 @ 7:30 pm
Has the “Session Fixation Attack” vulnerability fix been applied to this WP Plugin? http://www.readwriteweb.com/archives/how_the_oauth_security_battle_was_won_open_web_sty.php
andylenz (andylenz) said,
Wrote on April 27, 2009 @ 10:04 pm
FriendFeed Comment
T… [link to post]
– Posted using Chat Catcher
swhitley said,
Wrote on April 29, 2009 @ 9:31 pm
Hi Vinko,
The “Session Fixation Attack” will continue to be addressed by Twitter. The plugin will only need to change if Twitter changes its process. Twitter did disable “oauth_callback” as part of its response and I rewrote the plugin (latest version) to get around the loss of that feature.
bioproducts said,
Wrote on May 5, 2009 @ 1:15 pm
Thank you for making this possible!
David Mejia said,
Wrote on May 5, 2009 @ 1:22 pm
Very nice tool, thank you
Luke, Reach Students said,
Wrote on May 5, 2009 @ 1:33 pm
This sounds great. I’m posting this to see how it works.
Adam S said,
Wrote on May 5, 2009 @ 1:50 pm
For some reason, I always get a 404 when clicking on the “sign in with twitter” button. I’ve checked, it’s loading a script that IS there (http://firsttube.com/wp-content/plugins/twitconnect/start.php – no secret there). The file responds when you load it directly, but when you pass it parameters, it returns a 404. Any thoughts?
Michelle McGinnis said,
Wrote on May 5, 2009 @ 2:27 pm
Thanks Shannon, this is great! I’m hoping I’ll be able to use it on a pretty high-traffic blog very soon. I’ll let you know how it goes.
randyjensen (Randy) said,
Wrote on May 5, 2009 @ 2:34 pm
Twitter Comment
Twitter Connect for WordPress is now amazing [link to post]
– Posted using Chat Catcher
pmaez (Paul Maez) said,
Wrote on May 5, 2009 @ 4:22 pm
FriendFeed Comment
Twitter Connect for WordPress | Shannon Whitley [feedly] – [link to post] (via http://ff.im/2BZyo) http://friendfeed.com/e/7a01ad2d-6635-4ae6-9c6d-db048a339fa4
– Posted using Chat Catcher
Mihai Secasiu said,
Wrote on May 6, 2009 @ 1:42 am
Doesn’t twitter offer any way of restricting the actions that someone can do if I give them access to my account.
Like when I allow your blog to access my account I should have something like a checkbox to select to only let you verify that it’s really me but not allow you to do anything else from my account. Something like what you do when you give a facebook app access to your data.
mihaisecasiu (Mihai Secasiu) said,
Wrote on May 6, 2009 @ 7:10 am
FriendFeed Comment
Twitter Connect for WordPress | Shannon Whitley [feedly] – [link to post] (via http://ff.im/2BZyo) http://friendfeed.com/e/4363d11e-fb27-4a92-9191-8a49c32070d5
– Posted using Chat Catcher
patgrahamblock (Pat Graham Block) said,
Wrote on May 6, 2009 @ 9:46 am
FriendFeed Comment
Twitter Connect for WordPress | Shannon Whitley [feedly] – [link to post] (via http://ff.im/2BZyo) http://friendfeed.com/e/892129c4-2d7d-4d61-bfd0-3d049f8540e4
– Posted using Chat Catcher
Dan York said,
Wrote on May 6, 2009 @ 1:28 pm
Shannon,
Very cool plugin! I like how it works when I login to comment here. Question for you: do you know if anyone has tried it on WordPress MU (WPMU)?
Thanks,
Dan
Nick said,
Wrote on May 6, 2009 @ 2:34 pm
I am getting this error:
Warning: fopen(/var/www/mydomain.com/htdocs/diy/wp-content/plugins/twitconnect/secret.php) [function.fopen]: failed to open stream: Permission denied in /var/www/mydomain.com/htdocs/diy/wp-content/plugins/twitconnect/twitconnect.php on line 379
Can’t open secret file
Gregory Janssens said,
Wrote on May 6, 2009 @ 5:08 pm
Thanks for this plugin.
Gregory Janssens said,
Wrote on May 6, 2009 @ 5:37 pm
How can we connect our main account to a twitter account ?
nsputnik (Nick Dynice) said,
Wrote on May 6, 2009 @ 7:24 pm
Twitter Comment
@swhitley i need some help with your Twitter Connect for WordPress plugin. [link to post]
– Posted using Chat Catcher
Nick said,
Wrote on May 6, 2009 @ 10:45 pm
Where do you suggest inserting the twit_connect function for the k2 theme?
Shannon said,
Wrote on May 7, 2009 @ 1:46 pm
Hi @Dan,
I don’t know if anyone has tried it with MU. My guess is that it would work fine, but I haven’t tested it.
@Nick
Hopefully you saw my tweet. That message is related to your security. Make sure that the files in your plugin directories are read/write. You’ll want that anyway for the automated plugin downloads.
I haven’t seen the K2 theme, but most of the comment templates are very similar. Place the code just above the <input type=”text” name=”name” /> form field.
@Gregory Janssens
Good question. I have that problem on this blog. It can be done, but I’d have to walk you through a database update. I’ll include something to do that online in the next release.
Shannon said,
Wrote on May 7, 2009 @ 4:29 pm
@Mihai Secasiu
That would be a great feature for Twitter. I don’t think they quite intended it for this purpose when they created the solution so they don’t offer that level of granularity. It’s either “read only” or “read/write.” Twit Connect on this blog is setup for “read only.”
V.C said,
Wrote on May 10, 2009 @ 1:34 am
I found your topic when I was looking for a plugin which connect twitter to wordpress.
I’ve been wondering about it, so thank you very much for writing.
Rajesh said,
Wrote on May 16, 2009 @ 7:34 am
In My case oauth_token is always blank, i have tried many script could anyone tell me the reason
Matt said,
Wrote on May 20, 2009 @ 3:54 am
I tried to use your plugin and alter it so users could update their status from my side bar. I made my app with tiwtter read & write and took some code from Jaisen Mathai’s library, which your plugin seems to be based on. But I couldn’t get it to work. I’m currently using a PHP script which isn’t really the most secure or nice. Any thoughts on how to make this work would be greatly appreciated.
Thanks so much for making this plugin. It doesn’t exactly what you said it will and works really well. Very appreciated.
Dave said,
Wrote on May 27, 2009 @ 9:25 am
Awesome! Thanks I’ve been looking for this for a while…
makakimusic said,
Wrote on May 31, 2009 @ 9:35 pm
Great plugin!
MBX said,
Wrote on June 1, 2009 @ 8:31 pm
This plug is not working.. not even on your site. Can anyone confirm?
Ronny-André said,
Wrote on June 2, 2009 @ 1:48 am
How does this plugin work with other plugins, specially the Facebook Connect plugin?
Shannon Whitley said,
Wrote on June 3, 2009 @ 1:30 pm
@MBX – Looks like Twitter made a change to the oAuth process. I’ve seen some other issues with the latest push. I’ll take a look.
@Ronny – There has been an issue identified if a user id is not unique between systems. I’ll be releasing an update to account for that in a day or so.
swhitley said,
Wrote on June 4, 2009 @ 7:17 am
Twitter added an additional step in the oAuth process. The plugin code was fine. I modified some of the code on the server side to adjust for the Twitter changes. Things are back up and running again.
E-TARD said,
Wrote on June 5, 2009 @ 6:58 am
thanks for the info
I saw this pligin on this one dudes blog
& i just had to have it
franciscohm said,
Wrote on June 6, 2009 @ 2:51 pm
Testing testing…
Crisalia said,
Wrote on June 6, 2009 @ 3:14 pm
testing…
@twitter said,
Wrote on June 10, 2009 @ 11:24 am
Just testing.
Paul Vander said,
Wrote on July 3, 2009 @ 10:45 pm
And spanish???
Steven Kruyswijk said,
Wrote on July 6, 2009 @ 5:31 am
Also testing
(great way to evoke blog comments!)
Steven Kruyswijk said,
Wrote on July 6, 2009 @ 6:33 am
Ah, the avatars seem to work now.
Steven Kruyswijk said,
Wrote on July 6, 2009 @ 6:37 am
Then again, right after posting a comment my avatar disappears…
juzdongivaphuck (Edmondo Antonacci) said,
Wrote on July 7, 2009 @ 7:20 am
Twitter Comment
Twitter Connect for WordPress | Shannon Whitley [link to post]
– Posted using Chat Catcher
도비호 said,
Wrote on July 10, 2009 @ 7:25 pm
I met fopen error
Syed Ekramuddin Emon said,
Wrote on July 13, 2009 @ 6:35 pm
i like to test how this works. will my pic comes? will it do a auto twitte?
Diego Tomasoni said,
Wrote on July 15, 2009 @ 2:20 am
test
Frank said,
Wrote on July 20, 2009 @ 9:20 pm
Is there a way to check if a user has already authorized an application? For example, if I login via Twitter here, then logout and try to login again via Twitter, it always asks me to confirm authorization again, but it’s already in my profile.
carol said,
Wrote on July 23, 2009 @ 3:58 am
very useful, thank you for sharing this.
Colin M. Ford said,
Wrote on July 23, 2009 @ 10:25 pm
I’ve set up the plugin, got the api keys, and when I adjust the settings it says PHP5 is required for self-hosting, even if I don’t check the self-hosting box. I also have PHP5. Any suggestions? Thanks so much for this plugin
Christian R Sámano said,
Wrote on July 24, 2009 @ 3:27 pm
Hi!! i’m just commenting to test you plugin, cheers!!
Twitter Connect for WordPress | Shannon Whitley | Squico said,
Wrote on July 29, 2009 @ 6:00 pm
[...] In: Wordpress plugins 30 Jul 2009 Go to Source [...]
Integrando seu blog Wordpress com o Twitter « tail -f /dev/mind > blog said,
Wrote on July 30, 2009 @ 8:47 am
[...] Web Upd8, puntogeek & voiceoftech] Compartilhe e [...]
Sai Prasad K said,
Wrote on August 4, 2009 @ 7:48 pm
Testing Twit connect comment system
Sahas Katta said,
Wrote on August 13, 2009 @ 12:56 pm
Hey,
Is there a way to use Twitter Connect to let users comment on a WordPress Blog without creating WP user accounts for them? I just want to authorize them, but not ever make them a WP user. This way I won’t ever let random commenter ever have any access to the WP Dashboard.
Is there a way to modify your plug in to do that?
Shannon Whitley said,
Wrote on August 13, 2009 @ 9:09 pm
@Sahas Katta
Not right now. The only way to comment is to create an account in WP.
Sai Bharadwaj said,
Wrote on August 15, 2009 @ 11:18 am
Cool
kentoo said,
Wrote on August 18, 2009 @ 3:20 am
cool!
Aaron Shekey said,
Wrote on August 19, 2009 @ 10:05 pm
I’d love to see in the future the ability to post a tweet stating that I’ve commented on a post. “Just commented on xxxx”. This would definitely have to be up to the user, with a check box or something similar.
I’ll try my hand at implementing this feature. Great work on the plugin. It’s wonderful.
swhitley said,
Wrote on August 19, 2009 @ 11:43 pm
@Aaron Shekey – Thanks. Yeah, that idea has come up before. I’ve tried to keep this as simple as possible and that feature brings in things like dynamic url shortening. I’m sure it can all be done but I’m just not sure I want to tackle it. Good luck if you try it.
dalster said,
Wrote on August 20, 2009 @ 11:50 pm
So when a user posts on my blog the comment also “Tweets” on there Twitter account?
Chase Roper said,
Wrote on August 21, 2009 @ 2:28 pm
I keep getting the error “PHP 5 or greater is required to run Self-Hosted oAuth” whether I check that box or not. What have I done wrong?
piernodoyuna said,
Wrote on August 23, 2009 @ 1:57 pm
eo
Mosharaf Chowdhury said,
Wrote on August 24, 2009 @ 12:01 am
Testing how it works…
Shannon Whitley said,
Wrote on August 24, 2009 @ 11:08 pm
@Chase Roper – Go ahead and contact me via e-mail (swhitley@whitleymedia.com). I may need to help you clear out a database entry.
Andrew Valums said,
Wrote on September 4, 2009 @ 4:34 am
testing
angelday said,
Wrote on October 26, 2009 @ 2:34 am
Is this on?
Shannon Whitley said,
Wrote on October 28, 2009 @ 7:17 am
Version 2.0 Beta is available for download from this page:
http://www.voiceoftech.com/swhitley/?p=827
It includes a “Tweet This Comment” option.
hebdo said,
Wrote on October 31, 2009 @ 3:34 pm
I keep getting the error “PHP 5 or greater is required to run Self-Hosted oAuth” whether I check that box or not. What have I done wrong?
Shannon Whitley said,
Wrote on November 2, 2009 @ 7:54 am
@hebdo
Try this version:
http://www.voiceoftech.com/swhitley/?p=827
It doesn’t perform the PHP version check.
pixeco said,
Wrote on November 3, 2009 @ 9:18 am
Looks great guys, want to try this out on our dev site.
Byeeeee! R
Viki said,
Wrote on November 24, 2009 @ 6:36 am
Pretty neat! This would encourage a lot of guy to comment more often.
As seen here itself, this plugin works quite well!
Nice work. Thanks for the effort!
Pepe Huerta said,
Wrote on December 14, 2009 @ 10:08 pm
great job!
DarkPepe (Pepe Huerta) said,
Wrote on December 14, 2009 @ 10:13 pm
Twitter Comment
I just left a comment on Twitter Connect for WordPress at Shannon Whitley – [link to post]
– Posted using Chat Catcher
MadBox (Marcelo Derosas R.) said,
Wrote on December 14, 2009 @ 10:34 pm
Twitter Comment
@DarkPepe ese si te salió, hay algo mal XD
– Posted using Chat Catcher
stephwen (Stephane Wenric) said,
Wrote on January 9, 2010 @ 5:02 am
Twitter Comment
@MXV339 voilà [link to post]
– Posted using Chat Catcher
Howzzit said,
Wrote on January 31, 2010 @ 2:09 am
Well, with the latest WP 2.9.1, I found a certain anomaly.
After I login using Twitter Connect and comment, the comment does get registered, but in the Spam section. Even if I categorise it as “not spam”, the comments still keep picked up by the Spam section.
Moreover, after someone comments, he should be given the told that his comments is currently under moderation, which ain’t happening.
If you wanna test drive the issue, check out my website’s commenting.