It looks like you are using the default WordPress registration system. I am assuming that because your login page is at
wp-login.php. This means that the WP Discourse plugin will mark user’s email addresses as verified.
It looks like you are using the default WordPress registration system. I am assuming that because your login page is at
Another question about this.
Does Discourse still send emails when Discourse Connect Provider is setup, does Discourse still send email notifications to WP users?
How does it work if someone is a WP user but never accessed the forum, vs someone who is a WP user and is accessing the forum.
Yes, Discourse will still send them emails. Email notifications sent from Discourse are not affected by using Discourse Connect as the authentication system.
A user on your WordPress site who has never accessed Discourse is not considered to be a user on Discourse. They will not receive any email notifications from Discourse. The only exception to this is if you enable the WP Discourse “Create or Sync Discourse Users on Login” setting:
If that setting is enabled, a Discourse account will be automatically created for users when they login to your WordPress site. In that case, if a user has logged into WordPress, but never visited your Discourse site, they will start receiving the weekly digest email from your Discourse site.
So I just tested this and it doesn’t seem to be the case. how can I make sure users’ emails are verified now without having to do it manually?
Also, how can new users sign up and also get their email verified? Currently, we send them to wp-login.php which has no option for signing up, only logging in.
I can create a new button on the forum which says ‘sign up’ and sends them to a custom sign-up page within WP but then this is an issue:
In addition to this, after they sign up I would want to redirect them back to the Forum and make sure they are logged in.
I am also exploring another approach which I believe would make things easier from the users prespective and would love to hear you’re thoughts.
What if we were to manually export all Discourse users and import them into Wordpress. This process would
Create a Wordpress account for each user that exists on Discourse
link that account to their forum profile
mark their email address as verified in WP. Since they are already Discourse users we can assume they are verified.
Send them an email telling them to reset their forum password (because step 1 would reset it)
This way they don’t have to create a new account for themselves and only have to simply reset their password.
This process does not resolve the questions/issues I highlights in the reply above this one
You can confirm whether or not email addresses are being verified by creating a new account on WordPress after having enabled Discourse Connect. If email addresses are verified, you will see a confirmation at the bottom of the user’s preferences page. You can also manually mark an email address as verified from here:
Assuming email addresses are not being verified, instructions for how to have email addresses marked as verified when a user creates an account are here: Configure single sign-on (SSO) with WP Discourse and DiscourseConnect. This would be safe to do if your site is sending users a confirmation email that contains a link they need to click before they can access the site. If your WordPress site isn’t doing that, you could also add some code so that user’s email addresses are marked as verified after they have registered for one of your courses. Setting that up might require some help from a developer.
I’m seeing two separate login pages on your site:
- Log In ‹ Project Van Life — WordPress (doesn’t contain a link to your registration page)
- https://projectvanlife.com/login/ (contains a link to your registration page, but clicking the link takes me to a “not found” page)
The easiest thing to do would be to sort this out so that there is only one login page on the site, and the page contains a valid link to the site’s registration page. I suspect that can be accomplished via the settings page of the plugin that is adding the login form. Note that if you choose to use the login page at
https://projectvanlife.com/login/ , you will need to add
/login to the “Path to your Login Page” in the WP Discourse settings:
I think this might confuse users. An easier approach would be to just add a link to your Discourse forum that is structured so that users are automatically logged into Discourse when they click the link. Here are details about how to create the link: Create a DiscourseConnect login link. Once DiscourseConnect is enabled on your site, you should also structure this link in that way:
That is possible. Some details about how to do it are here: How to import Discourse users to WordPress? - #2 by simon. The main problem I see is that you’d be creating work for yourself without making things much easier for your users. If it was me, my concerns would be that users might not get or read the email and some users might not be happy about having a new account created on their behalf. There’s also a potential security issue unless the importer plugin you use has a way of forcing users to change their passwords after their first login.
It would be a lot easier to just create a banner topic in your “staff” category with details about the change. The wording in the screenshot could be improved a bit:
Once you’ve made the change, update the banner topic to let users know to contact an admin if they run into any issues logging in.
I just thought of something that might help. You could temporarily configure your Discourse site to be the DiscourseConnect provider for your website between now and the time that you set your WordPress site to be the DiscourseConnect provider. If you did that, you could add something like the following to the banner topic:
Here’s the full link that I’ve used:
<a href="http://wp-discourse.test/?discourse_sso=1&redirect_to=http://wp-discourse.test/wp-admin/profile.php" target="_blank">Create an account on (your website name)</a>
Clicking it will register a new account on WordPress and redirect users to their WordPress profile page where they can set a password. Note that for your case you will need to replace both uses of
http://wp-discourse.test in the link with
@simon thank you SOO much for your detailed response this was all extremely helpful!
This is a great idea!
What if we were to impersonate each user and do this for them? Would that cause any issues?
Does this approach also keep their login password the same after we switch to Wordpress to the Discourse Connect Provider?
I don’t think it would cause any issues.
Setting WordPress as the DIscourseConnect provider will not change the user’s WordPress password.
Is this the only thing that this setting does?
It’s named and described in WP quire vaguely I feel so I was wondering what else it might do?
what if a user already exists inside Wordpress and Discourse. How do i merge / connect their profiles?
Technically, what it does is make a call to the Discourse
sync_sso route and passed their data (WordPress user_id, username, name, email…) to Discourse immediately after they login to WordPress. Details about the
sync_sso route are here: Sync DiscourseConnect user data with the sync_sso route.
The only side effect of this that I’m aware of for WordPress users who have never visited the Discourse site is that they will start receiving digest emails from Discourse.
This is why you want to encourage your Discourse users to register on WordPress with the same email address as they are using on Discourse. As long as the email addresses match, they will be logged into the correct Discourse account. This is assuming you take care of the issue with email verification that we discussed in previous posts.
It’s likely that you’re going to end up with some users signing up on WordPress with different email addresses than they’ve used on Discourse. For that case, a new Discourse account will get created for them, using the WordPress email address. You’ll need to manually merge the old Discourse account into the new Discourse account: Merge User Accounts.
What happens if we have to manually update a users email in Wordpress. Does their Discourse email also get updated if this setting is enabled
Updating a user from their WordPress profile page doesn’t trigger the call to
sync_sso. It probably should do that though. For now, you’ll need to ask them to log out of WordPress, then log back into WordPress. I don’t believe it’s possible for an admin to logout a WordPress user from their profile page.
If you want to keep emails and/or usernames synced between WordPress and Discourse, enable these Discourse settings:
auth overrides email
auth overrides username
Thank you Simon. I think this is the process I will go with after considering everything:
- Export users from Discourse
- Activate Discourse Connect
- Import and create those users in Wordpress and mark their emails as verified in WP
- When these users login (via custom login page) they have to reset their password
- Somehow force only this segment of users to change their password after they enter their email (and system realizes they are apart of this segment)
- OR just Show message on login page: “if you are logging in after [date] you must RESET your password”
- Access should work!
As for new sign-ups that come in, I will need to figure out a way to verify the emails. I’ll probably just email them their passwords.
I also noticed that even if the “Email Address Verified” setting is not selected in the Wordpress profile, the user is still able to SSO onto discourse. They have to confirm their email regardless the first time they enter Discourse though. Which is good.
Do these settings have any side effects?
Yes, that’s the way it’s intended to work. That’s not much of a barrier for most users. The issue you need to be aware of is that if the email address is not marked as verified on WordPress, Discourse will not match WordPress users to Discourse users based on their email address the first time they login to Discourse via DiscourseConnect. As long as you figure out how to mark the email addresses of your imported users as verified, that won’t cause an issue. If you don’t mark them as verified, it’s going to be a hassle to sort things out.
If enabled, they prevent users from changing their username or email address on Discourse.
yea I was testing a ton and I realized this. I am just going to write a custom script that marks all users who I import as verified.
Thanks for clarifying!
Is it okay to keep the verbose /logs on forever?
Will this negatively impact performance?
I’ve seen cases where they’ve been left on forever. I don’t believe it has any meaningful impact on performance. It just clutters up your logs if you’re trying to debug an issue that isn’t related to DiscourseConnect.
Everything has been working great so far!
One small thing I am noticing is that whatever path I input into this field:
becomes the default WordPress login page.
For example, if I try now to go to /wp-admin which is what I would previously use to login as admin, it redirects me to /login/forum
Ideally, it would only redirect to this when someone clicks the login button from the discourse forum.
I’m wondering if this is normal behavior and if it is a bad thing for it to function like this.
That is the expected behaviour. The “Path to your Login Page” option is used to override the default WordPress login path. It does that by hooking into the WordPress
It doesn’t remove the default login route at
/wp-login.php, so you can still go directly to that URL by entering it into your browser’s address bar. Instead of going to
/wp-admin, go to
/wp-login.php to use the default login page.
I can think of a way that the plugin could be updated to only redirect to the “Path to your Login Page” path for logging into Discourse, but that change would take a bit of work.