Skip to main content

Blogger Blog Readers Unable To Comment, Using OpenID Accounts Hosted By WordPress

We're seeing a scattered collection of reports, mentioning problems publishing comments, using OpenID authentication.

This problem appears to be related to the Blogger rollout of SSL support, for our blogs, which is currently in progress. SSL, or Secure Socket Layer, represents the next step in blog / website security - a step which the Internet community has been taking, for many years.

Blogger has been using SSL (aka "HTTPS" login), in their dashboard, for several years.
https://www.blogger.com
That's a secure Blogger login. The problem with Blogger using SSL in our blogs is that moving to SSL requires care, to avoid confusing our readers. Lack of care will subject our readers to the well known "mixed mode" warnings.
This site has insecure content.
Only secure content is displayed.
Firefox has blocked content that isn't secure.
These are several examples of what were normal, years ago, on many websites. Blogger does not want our readers subject to needless confusion, from these warnings.

Blogger blog owners have been asking, for years, that Blogger support SSL in BlogSpot (and our custom domains).

FaceBook upgraded to SSL, in 2013 - and saw problems with Blogger content.

Last year, FaceBook upgraded to SSL. Blogger blog owners, who were also FaceBook members, watched their Walls, which contained HTTP links to their Blogger blogs, show the "mixed mode" warnings.
The real issues begin to arise, however, when your application must include assets served by servers which also do not support SSL.
...
We’ve all experienced “mixed mode” warnings, with some browsers being much more annoying about them than others. "Mixed mode" means you requested a page over SSL, but some of the resources needed to fully render that page are only available over unencrypted HTTP.

Blogger is offering the option for us to upgrade our blogs, this year.

Now, Blogger is upgrading, so our blogs may (optionally) support the SSL protocol - and not confuse FaceBook members, who post links to our blogs. To avoid the "mixed mode" warnings, which would confuse our readers, they are upgrading all Blogger processes, including OpenID authentication, to support SSL.

The Blogger upgrade has exposed a WordPress inconsistency.

Just as FaceBook upgrading to SSL helped to cause Blogger to upgrade, so is Blogger upgrading to SSL exposing an inconsistency in WordPress use of SSL, for OpenID authentication.
The problem in my case (and maybe in others as well) seems to be that https://yourblog.wordpress.com is send for verification to the OpenId server. This is what I could figure out from the URL. If you than manually replace HTTPS with HTTP, it works.
This comment suggests that WordPress, which in general is using SSL security, has an OpenID server that has not been upgraded.

WordPress needs to check their OpenID servers.

So now, Blogger has to wait for WordPress to fall into step, consistently. Until WordPress upgrades their OpenID server, people who want to use a WordPress OpenID account, to comment on our blogs, will have to select "OpenID", instead of "WordPress" - then enter the WordPress OpenID URL, as
HTTP://whatever.wordpress.com
And wait for WordPress to upgrade their server.

Comments

Popular posts from this blog

Custom Domain Migration - Managing The Traffic

Your blog depends upon traffic for its success.

Anything that affects the traffic to your blog, such as any change in the URL, affects the success of your blog. Publishing the blog to a custom domain, like renaming the blog, will affect traffic to your blog. The effects of the change will vary from blog to blog, because of the different traffic to every different blog.Followers. People who find your blog because of recommendations by other people.Search engines. Robotic processes which methodically surf your blog, and provide dynamic indexing to people who search for information.Subscribers. People who read your content from their newsfeed reader, such as the dashboard Reading List.Viewers. People who read your content from their browser.No two blogs are the same - and no two blogs will have the same combinations of traffic sources.

Stats Components Are Significant, In Their Own Context

One popular Stats related accessory, which displays pageview information to the public, is the "Popular Posts" gadget.

Popular Posts identifies from 1 to 10 of the most popular posts in the blog, by comparing Stats pageview counts. Optional parts of the display of each post are a snippet of text, and an ever popular thumbnail photo.

Like many Stats features, blog owners have found imaginative uses for "Popular Posts" - and overlook the limitations of the gadget. Both the dynamic nature of Stats, and the timing of the various pageview count recalculations, create confusion, when Popular Posts is examined.