What are your experiences with wp-discourse plugin and SSO?

I’m considering the WP-Discourse plugin to integrate my WP site with Discourse, but would be interested in understanding a bit better what the benefits and costs are. What do you lose exactly when you turn on SSO in terms of discourse functionality, and what do you gain? How are the WP and Discourse accounts linked? For example, can the user profile info like picture, username, email address, “about me” and location be shared across both platforms?

Thanks for any guidance. I’d love to be directed also any good examples of the wp-discourse plugin in action, with and without SSO.

Does WP-Discourse do SSO? I wasn’t aware that it did.

I think you may be referencing two separate things: WP-Discourse and Single Sign On (SSO).


The WP-Discourse plugin doesn’t really have anything to do with SSO. It allows for posts from your WordPress site to post to your Discourse forum. When people post replies to the article in the forum, it shows up on the post on your WordPress site as well.

If you’d like to see it in action, we have an articles section on our forum where my site’s articles publish. So, here’s an article we did that had a few replies on our forum. And you can see the article formatted in the forum here.

But it’s different than a commenting system in that you can’t reply right from the WordPress post. You can click the link that says something like “join the discussion here” to make a comment or reply, but again, you have to be on the forum to do any interaction. Okay, so that’s WP-Discourse.


Now, SSO is different.

I know for sure that the username and email address can transfer over. Basically, when you have it set up, account creation is pushed back to your WordPress site, rather than Discourse. And people who are members of your WordPress site just have to login into Discourse with their WordPress info and they’re good to go.

I asked/hired @AdamCapriola for his SSO help in connecting my site and he did a fantastic job. I’ve linked his post where he offers and explains what he can do. He creates a plugin for you that utilizes Discourse’s SSO feature and he can customize it to be a basic SSO set up or transfer over other things. He’d be a better person to ask about those possibilities.


The Readme mentions sso:

It is possible it was added later, I guess, there were a number of pull requests.

Yes, SSO is now featured in the WP-Discourse plugin. I think it must have changed recently as previously I was using PrimeTime WordPress + Discourse SSO but I’ve disabled this plugin now.

1 Like

@molly_cushing I very much appreciate you taking the time to provide this information for me - it’s really helpful! The WP-Discourse and SSO functionality you describe and demonstrate on your site is precisely what we’re looking for. We do want some more user profile pulled across into WP from Discourse and have some other considerations… I’ll get in touch with @AdamCapriola to see what he can do for us. I hope you don’t mind that I will also sign up on your site to have a poke around.

@codinghorror what else happens on the discourse side when you turn on SSO in terms of user experience, signing up and logging in, maintaining user profile, anything else users are doing on discourse? Are there considerations for upgrading and maintaining the discourse instance on the admin side? So far I have only been using the out of the box plain vanilla discourse.

1 Like

Also, if you get it all taken care of, you should look through this thread:

From here down is where you’ll want to focus I think. SSO with WordPress overwrites your blacklist on Discourse essentially.


is it possible to install the WP-Discourse plugin without using Composer? Adding composer into the mix of our clients projects really adds complexity.

I can’t make this plugin publish my Wordpress’ posts to Discourse. I’m getting the following errors on Discourse logs.

I have Wordpress on mydomain.com and Discourse on sub.mydomain.com on 2 isolated servers with different IP addresses. Is this a problem? Using an API key shouldn’t ignore CSRF checks?

Can’t verify CSRF token authenticity
ActionView::Template::Error (Discourse::InvalidAccess)

(Env section of both errors with this:)

HTTP_HOST: sub.mydomain.com
HTTP_X_REAL_IP: x.x.x.x

wp-id: 209
embed_url: http://mydomain.com/test/
api_key: e2f053f6144d155c5860480a7838be65ce82fa14d3debfa72f216355ca10048c
title: test
raw: Originally published at: http://mydomain.com/test/
category: News
skip_validations: true
auto_track: true

api_username is blank, this is incorrect. pass in system or the name of an admin or simialr


Thank you, @riking! It’s working fine now!

1 Like

Also, change your API key ASAP. You may have hidden the door, but that’s no reason to leave the master key in the lock. :grin:


Molly I have looked at Your website and it seems You are not using Discourse as the commenting system on the Wordpress post anymore . Anything have gone wrong?

I see that the post replicate into Your forum but I can’t see the comment from the forum appear on the wp post…

Yeah, we chose not to use it as the commenting system and just have our articles go to our forums. It worked just fine on a technical level, it just wasn’t best for our community.

I just wish Wp-discourse took the full form of a comment system that can serve both forum and non-forum members as long as they are signed up. What is the big limitation to allowing that happen. I’d like to drop Disqus, but not all visitors want to be redirected to another subdomain to make a comment.

This is a strategic decision which I support. Lots of discussion here about this over the years - take a read through …




quote from that blog post:

I do not, and will not, offer in-page commenting here. If you want to reply with a comment, you go next door to the community clubhouse. There’s a fairly strong, but permeable, membrane between the editorial area here and the community area there . This is intentional.

Meanwhile, this topic is about other aspects of the wp-discourse plugin.