OAuth2 Alternative to WP OAuth Server

About 4 years ago, I embarked on a journey to develop a solution for SSO for a client that was running WordPress. Instead of WordPress using social media to log users in, WordPress would be the provider. After looking for solutions in the form of plugins, I was confronted with having to develop something. Taking what I learned from the project, I decided to build a plugin that turned WordPress into an OAuth2 Server. The project turned into WP OAuth Server and soon became very popular with large companies.

For the past few months (well, since WP REST API was merged into WP Core), I have monitored chatter and been approached multiple times about WP OAuth Server and its support for WP-REST API. About a year ago, I added support for WP-REST API into WP OAuth Server, which made the process of using OAuth2 possible with WP-REST API. There was and is an issue looming. WP OAuth Server is designed and intended to be used by businesses and comes with a license fee.

I have decided to completely develop a new OAuth2 Server from the ground up designed for free and unrestricted use for the general public. The plugin will be developed in a way that it uses 100% Native WP functionality with a simple to use UI. The plugin will also have WP CLI for better administrative support. The idea is to provide a free consumer level alternative to WP OAuth Server altogether.

If you are interested in helping with the project, please shoot me an email or contact me on Slack @justingreerbbi.

6 Common Misconceptions About WordPress

All too often when the name WordPress is mentioned in a corporate environment, there is always push back from an IT team or someone stuck using ColdFusion (yes, developers and companies still use this). Why is this? This is why I wanted to post my experience with 5 common misconceptions about WordPress.

  1. WordPress is insecure – This is the farthest thing from the truth. WordPress has been deemed by the public and experts as being one of the most secure CMS. Server configuration, bad plugins and theme development are the leading causes of insecurities.
  2. WordPress is just for Blogs – Nope, no it is not. WordPress has evolved into a super flexible CMS that can be used for any kind of website that needs a CMS.
  3. WordPress is Free, Paid is better – WordPress is Free and being open source, it has the smartest people working on the system. Most all contributors are volunteers and are very good at what they do.
  4. It is Open Source and any Joe can add to it – True and false! Joe can write and contribute any code he sees fit no matter the quality of the work. Then senior developers committed to WordPress vet Joe’s code. They test it against every known situation they can throw at it. If the code is not in line with WordPress’s values or roadmap, Joe’s code will never make the cut.
  5. WordPress can never stand against Enterprise CMS – First off, this one bugs me the most. If you ever developed for a so-called enterprise system, you know that they are clunky, extremely overpriced, and become outdated so fast with little upgrade support. But what is enterprise or what does it mean? Well, this is straight from Wikipedia:

    Enterprise software, also known as enterprise application software (EAS), is computer software used to satisfy the needs of an organization rather than individual users. Such organizations would include businesses, schools, interest-based user groups, clubs, charities, or governments.

    Let’s look at some examples of so-called sites that fall under the category of needing to use an “enterprise” system BUT use WordPress. TechCrunch, The New Yorker, Sony Music, Best Buy, Fortune, The Rolling Stones and AMC with all the individual show sites as well. There are many more which I would be happy to provide if you would like.

  6. WordPress is not for large sites with high traffic – WordPress.com is run using the WordPress CMS and is among the top 100 most visited sites in the USA (as of Aug 2015 Stats). Developers of Windows Technology and other CMS communities will say that WordPress is not powerful enough but the stats do not lie. WordPress is just as powerful as, if not more powerful than, any Enterprise system.

WordPress is growing and as of now (the time of writing this post) is currently at 25% of all websites running a CMS. WordPress is not going anywhere. It is not for everyone or every site but I encourage you to at least look and try before you spend 17K a year on “enterprise” CMS that will leave you spending 25K-100K a year for a system and team that just traps you in a corner.

Please Update or Go Home

I see it almost every day and there is not much more that bothers me than someone running old and outdated software complaining about an issue. My first questions are:

  1. What version of WordPress are you running?
  2. Are you on shared hosting?
  3. What version of PHP are you running?

For the most part, people have little to no clue what I am talking about. I forgive them for this though, but at the same time “ignorance of updating” is never a valid argument. They are ignorant to the facts of updating. Everyone knows that updating anything = important but some just choose to ignore it as long as things are working.

When I log into a WordPress install that is having issues and I see that their WordPress install is running on anything more than 1 version behind the latest, I instantly want to throw a brick (foam of course). This is because the first course of action to any issue is going to be updating. More times than not, clients’ installs are running several major versions behind which ultimately is the root cause of a lot of issues. Yes, updating could also be the cause of issues but the risk is well worth the reward.

Here are some things to remember and note:

  • If you are on shared hosting and your site is slow, upgrade to VPS or DV. Shared hosting is not what you are looking for.
  • If your host is running an older version of PHP and/or MySQL, ask to be upgraded or find a new host. Any PHP version below 5.4 is completely uncalled for and the horse should be shot.
  • If your site is having issues, make a backup and update EVERYTHING! Not just what you want. If things break, that means some plugin, theme or your hosting was not managed correctly. Let the host, plugin/theme author know or find a better product!

 

</end rant>

The Next Step in Awesomeness

If you have not heard the buzz on the internet about Let’s Encrypt, then you may want to catch up. Let’s Encrypt is a project that spearheads the advancement into a 100% TLS standard for all browsing. As a matter of fact, the project is pushing to deprecate the less secure HTTP protocol. Mozilla and Chromium are wanting to start displaying a warning message for websites that do not use a TLS connection. They are doing this by offering free SSL/TLS certificates to counter the “WTF”. I am here to tell you that “It needs to happen”.

But wait, there is more! I have to be honest and say that I have not been a fan of DreamHost for a long time but what they just did may have just changed my mind. Today DreamHost posted that all their clients are now able to enable free SSL/TLS using the technology behind Let’s Encrypt.

This is HUGE in my eyes. Although you could have gotten a free SSL/TLS certificate for years, the process was bulky and took time. DreamHost has just set the bar high and makes it as easy as clicking a button. Did I mention it is FREE? Yes, it is 100% free!

You can read more about this on DreamHost’s blog: https://www.dreamhost.com/blog/2016/01/20/free-ssltls-certificates-at-dreamhost-with-lets-encrypt/.