WordCamp New York City 2009

November 14–15, 2009
...was awesome!

Hacking Authentication in WordPress MU & BuddyPress

Photo of Casey Bisson

Casey Bisson

Most every university uses LDAP or some other authentication technology to reduce the number of systems that users have to maintain their passwords in. When Plymouth State University first deployed WordPress MU (when it was still in pre-release beta), we integrated with LDAP. Eventually we migrated to single sign-on via CAS (Central Authentication Service) and I took over maintenance of the wpCAS plugin.

Running WordPress as a client to other authentication systems is easy, but WordPress offers a number of user-facing features that get lost when doing that.

So when we went looking for ways to improve the security of our password assignment and reset process, we decided to make WordPress the center of the system. Using WordPress saved us the trouble of building our own and the many eyes of the WordPress development community help ensure the overall security of the system.

WordPress now powers the authentication, password recovery, and profile management for the university, replacing the authentication features of our commercial portal system. Now we’re taking advantage of WP’s plugin architecture to easily add new features (like sending password reset codes by SMS), but this approach also offers a neat way to sneak more social features into the tools our users depend on daily.

I’ll be discussing the evolution of WordPress authentication at Plymouth State, including the custom plugins and hacks we developed to make it work, in my session on User Authentication with MU in Existing Ecosystems at WordCamp New York.

Leave a Reply

You must be logged in to post a comment.

Recent Posts

Post Categories

RSS #wcnyc

Platinum Sponsors

Silver Sponsor

Bronze Sponsors

Small Business Sponsors



Mojofiti logo



Fusebox logo


Cacoo logo


Consultant Sponsor

WordCampNYC has no relationship to public radio station WNYC, and we apologize if our abbreviation-based logo has caused any confusion.

Visit WordCamp Central


Code is Poetry.