Integrating a WordPress site with Tencent's digital identity management and control platform (CIAM) to implement login authentication without development

2022-06-24 02:01:00 Tencent security

1. Overview

WordPress is an internationally renowned open source blog software and content management system. About 30% of websites worldwide (7 Billion 5000) are built with WordPress. Because WordPress has a powerful template system, a flexible plugin mechanism and an excellent plugin ecosystem, many users use it not only to build blogs and content management systems but also to build all kinds of commercial websites and business systems.

Whatever kind of system is built on WordPress, providing login authentication for users is a basic and common requirement. However, the login authentication and user management functions built into WordPress are very limited: only account-and-password authentication is supported, users can be identified only by a few attributes such as email and nickname, and there is no statistical analysis or audit capability for user login activity.

Tencent digital identity management and control platform (Public Edition) (hereinafter Tencent CIAM) is used to manage the accounts, registration rules and authentication rules of public Internet users, to connect scattered islands of user data, and to help applications better identify and profile users.

This article describes how to use Tencent CIAM to protect WordPress site login. Readers will see that, because Tencent CIAM provides convenient, fast configuration and standardized support for Internet authentication protocols, WordPress administrators do not have to write a single line of code: simple configuration steps are enough to enhance and harden the login authentication and user management capabilities of a WordPress site.

2. WordPress default login function

Suppose we have deployed a WordPress site whose root path is https://WORDPRESS.SITE. First, let's look at the user management and login authentication functions that WordPress itself provides.

After logging in to the admin back end as an administrator, open Users -> All Users from the menu on the left to see the list of WordPress users, view user details, maintain user information, and reset passwords.

The default WordPress login page supports only account-and-password authentication.

3. Using Tencent CIAM to take over WordPress login

Tencent CIAM lets application systems connect through the standard OpenID Connect (OIDC) protocol. It supports account and password, SMS OTP, email OTP, WeChat PC QR-code scanning, WeChat mini program login, Alipay login and other authentication methods, and it lets users register through a form or be registered automatically after their first login. The Tencent Cloud console provides a convenient interface for customizing these functions flexibly.

Install the WordPress OIDC plugin

Our WordPress site will connect to Tencent CIAM through the standard OIDC protocol, so we first install and enable an OIDC plugin for WordPress. In the WordPress back end select Plugins -> Add New, then search for and install the OpenID Connect Generic Client plugin.

Enable the plugin. When you visit the login page again, you will find a new button at the top of the page: Login with OpenID Connect.

Because Tencent CIAM has not been configured yet, this feature is not available for now. Next we configure CIAM.

Create a Tencent CIAM application

The official Tencent CIAM website is https://cloud.tencent.com/product/ciam. Before using Tencent CIAM, we need to log in to Tencent Cloud, activate the CIAM service, and create a user directory in CIAM. Suppose we have created a user directory whose domain name is https://dev-wordpress.portal.tencentciam.com (the domain name of the user directory can be seen in the CIAM console under Personalization -> Domain name settings).

The user directory is a basic "container" in Tencent CIAM: the users' account information, the configuration of the application systems that users access, and the users' authentication methods are all stored and configured in the user directory. Next, an application is needed in the user directory to play the role of the WordPress site and connect WordPress to Tencent CIAM. In the Application management section of CIAM, create an application or use an existing one, and complete the following configuration.

- Basic information
  - Application type: select Web application
  - Fill in the application name, industry and application description according to your actual situation

Application basic information

- Parameter configuration
  - Redirect URI: fill in https://WORDPRESS.SITE/wp-admin/admin-ajax.php?action=openid-connect-authorize
    (Replace https://WORDPRESS.SITE with your WordPress site root path. The same applies below.)
  - Logout Redirect URI: fill in the site root path https://WORDPRESS.SITE
  - Other settings: use the default values
- Process configuration
  - Enable the login process. The preferred authentication source is the system-provided account password authentication; do not set an associated authentication source for now. Claims are the user information fields that CIAM provides to WordPress after the user logs in successfully; here we choose the commonly used user nickname, user name, email address and gender.
  - Enable the registration process. For authentication attributes select email address and user name; for common properties, make user nickname a required item and gender an optional item.
  - Leave the other processes and agreement management turned off for now.

After completing the above configuration, go back to the Application management list page and enable the application.

Configure the WordPress OIDC plugin

Next, configure the WordPress OIDC plugin. In the WordPress back end select Settings -> OpenID Connect Client and complete the following configuration.

- Login Type: choose the default, OpenID Connect button on login form
- Client ID and Client Secret Key: fill in the Client ID and Client Secret from the basic information page of the CIAM application
- OpenID Scope: fill in openid
- Login Endpoint URL: fill in https://dev-wordpress.portal.tencentciam.com/oauth2/authorize
  (Replace https://dev-wordpress.portal.tencentciam.com with your CIAM user directory domain name. The same applies below.)
- Userinfo Endpoint URL: fill in https://dev-wordpress.portal.tencentciam.com/userinfo
- Token Validation Endpoint URL: fill in https://dev-wordpress.portal.tencentciam.com/oauth2/token
- End Session Endpoint URL: fill in https://dev-wordpress.portal.tencentciam.com/logout?client_id=CLIENT_ID&logout_redirect_uri=https://WORDPRESS.SITE
  (Replace https://dev-wordpress.portal.tencentciam.com, CLIENT_ID and https://WORDPRESS.SITE with your CIAM user directory domain name, your CIAM application's Client ID, and your WordPress site root path.)
- Identity Key: keep the default, sub
- Nickname Key: fill in nickname
- Email Formatting: fill in {email}
- Other settings: use the default values or leave them blank.
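The values entered in CIAM and in the plugin have to agree with each other, and a mismatch usually shows up only as a failed login or logout. The following check is an added example, not part of the original article or of either product; the dictionary keys and function names are hypothetical, and the sample values are the article's placeholders.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample values: the placeholders used in this article.
SITE = "https://WORDPRESS.SITE"
CIAM = "https://dev-wordpress.portal.tencentciam.com"
CALLBACK = "/wp-admin/admin-ajax.php?action=openid-connect-authorize"
ENDPOINT_KEYS = ("login_endpoint", "userinfo_endpoint",
                 "token_endpoint", "end_session_endpoint")

def sample_settings():
    """Values as filled in above; the dict keys are hypothetical names."""
    return {
        "redirect_uri": SITE + CALLBACK,
        "logout_redirect_uri": SITE,
        "login_endpoint": CIAM + "/oauth2/authorize",
        "userinfo_endpoint": CIAM + "/userinfo",
        "token_endpoint": CIAM + "/oauth2/token",
        "end_session_endpoint": CIAM + "/logout?client_id=CLIENT_ID"
                                       "&logout_redirect_uri=" + SITE,
        "client_id": "CLIENT_ID",
        "scope": "openid",
    }

def origin(url):
    """Return (scheme, host) in lower case for comparison."""
    parts = urlsplit(url)
    return parts.scheme.lower(), parts.netloc.lower()

def lint_oidc_settings(s, site=SITE, ciam=CIAM):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    for key in ENDPOINT_KEYS:
        scheme, host = origin(s[key])
        if scheme != "https" or host != origin(ciam)[1]:
            problems.append(f"{key}: not HTTPS on the CIAM user directory domain")
    # The Redirect URI entered in CIAM should equal the callback given above.
    if s["redirect_uri"] != site + CALLBACK:
        problems.append("redirect_uri: differs from the plugin callback URL")
    if s["logout_redirect_uri"] != site:
        problems.append("logout_redirect_uri: differs from the site root path")
    # The end-session URL carries its own copies of two values; check they agree.
    query = parse_qs(urlsplit(s["end_session_endpoint"]).query)
    if query.get("client_id") != [s["client_id"]]:
        problems.append("end_session_endpoint: client_id differs from Client ID")
    if query.get("logout_redirect_uri") != [s["logout_redirect_uri"]]:
        problems.append("end_session_endpoint: logout_redirect_uri mismatch")
    if "openid" not in s["scope"].split():
        problems.append("scope: 'openid' is missing")
    return problems
```

Call lint_oidc_settings with your own values, passing your site root path and user directory domain as site and ciam, before enabling the application.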

Result

Our WordPress site is now ready to log in through Tencent CIAM. Revisit the WordPress login page, click Login with OpenID Connect, and on the CIAM login page that opens, log in with an existing user or register a new user.

After a successful login, you are automatically redirected back to the WordPress page you were visiting before login.

View user information and login logs

After Tencent CIAM has taken over WordPress login, we can use the CIAM console to view the list of registered users, their last login time and their details. We can also edit user details, reset a user's password, or lock, freeze or delete a user.

In the Audit management section of the console you can view the details of user logins.

4. Advanced use

Let users log in in more ways

Tencent CIAM supports a variety of login and authentication methods. Next, we add email OTP login to the WordPress site.

In the CIAM console, go to Certification management -> General certification source -> Create a new authentication source -> Email OTP authentication to create a new email OTP authentication source.

Fill in the basic information of the authentication source

Configure the authentication source policy

After creation, turn on the authentication source on the authentication source list page.

After creating and turning on the authentication source, we still need to tell the WordPress application to use it. Find the WordPress application in the application list, choose Configure -> Process configuration, check the newly created email OTP authentication source under the associated authentication sources of the login process, and then click OK.

Now revisit the CIAM login page. You can see that an "Email login" option has been added alongside the original account password authentication. Enter the email address and click "Send verification code" to log in with the one-time password received in the mailbox.

Hide the WordPress login page

At present, a user who logs in first reaches the default WordPress login page and then clicks Login with OpenID Connect on that page to jump to the Tencent CIAM login page. We can change the WordPress OIDC plugin configuration to improve the login experience further. Go to Settings -> OpenID Connect Client, change the first item, Login Type, to Auto Login - SSO, and click "Save Changes".

When the user logs in again, the WordPress login page is no longer shown; the Tencent CIAM login page is displayed directly.

Set site-wide content login protection for WordPress

In some cases we want users to register and log in before they can access the content of the WordPress site. Check the plugin's Enforce Privacy option to implement this requirement.

Enable login protection

Other

Tencent CIAM also supports WeChat login, Alipay login, user data synchronization, forgotten user name, forgotten password and other functions. Interested readers can explore and practice further based on the content of this article.

Link to the official Tencent CIAM website: https://console.cloud.tencent.com/ciam

You are welcome to join the Tencent IDAM experience exchange group; free activities are in progress!
