[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fdzg2n3YwDOJRw8c5nPDrWogOmXNr0Ohjc1QfwiJtEWQ":3},{"slug":4,"display_name":5,"profile_url":6,"plugin_count":7,"total_installs":8,"avg_security_score":9,"avg_patch_time_days":10,"trust_score":11,"computed_at":12,"plugins":13},"jehan","Jehan","https:\u002F\u002Fprofiles.wordpress.org\u002Fjehan\u002F",1,10,85,30,84,"2026-04-05T02:45:42.878Z",[14],{"slug":15,"name":16,"version":17,"author":5,"author_profile":6,"description":18,"short_description":19,"active_installs":8,"downloaded":20,"rating":21,"num_ratings":7,"last_updated":22,"tested_up_to":23,"requires_at_least":24,"requires_php":25,"tags":26,"homepage":32,"download_link":33,"security_score":9,"vuln_count":34,"unpatched_count":34,"last_vuln_date":35,"fetched_at":36},"xmpp-auth","XMPP Authentication","0.6","\u003Cp>This plugin has two main features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>any reader on your website can comment if one has an Instant Messaging\u003Cbr \u002F>\naddress (XMPP protocol, otherwise called Jabber. A Gmail or a LiveJournal\u003Cbr \u002F>\naccount for instance are such standard IM identifiers as well);\u003C\u002Fli>\n\u003Cli>a subscribed user (whatever its role) can authenticate with one’s IM\u003Cbr \u002F>\naddress if they set their IM address.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is still in experimental state but is usable.\u003C\u002Fp>\n\u003Ch4>Detailed Process\u003C\u002Fh4>\n\u003Cp>The authentication part is something like openID, except that it uses your\u003Cbr \u002F>\nexisting IM address: you ask for authentication on a website, and it pops-up a\u003Cbr \u002F>\nconfirmation via IM (that you can accept, or refuse).\u003C\u002Fp>\n\u003Cp>Considering that the IM protocol (XMPP) is very secure,\u003Cbr \u002F>\nall the infrastructure to securely exchange an authentication request is\u003Cbr \u002F>\nthere. No need to make any new account, no need a special client, nor a\u003Cbr \u002F>\nidentity third party provider, and that’s really instantaneous (as \u003Cem>instant\u003C\u002Fem>\u003Cbr \u002F>\nmessaging) and more secure than HTTP or SMTP protocols.\u003C\u002Fp>\n\u003Ch4>Spam Protection\u003C\u002Fh4>\n\u003Cp>It adds an additional layer to protect against Spam by verifying an\u003Cbr \u002F>\nidentity using a very secure and modern protocol (XMPP), which also is instant,\u003Cbr \u002F>\nhence much more reliable in any way than email for instance.\u003C\u002Fp>\n\u003Ch4>Secure and Easy Login\u003C\u002Fh4>\n\u003Cp>Many reasons to use such a plugin for login:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>not to have to remember a new password (password-login can be disabled in\u003Cbr \u002F>\nyour profile, on a per-user choice);\u003C\u002Fli>\n\u003Cli>you are in a very insecure environment (for instance a cybercafe) and consider\u003Cbr \u002F>\nonly your IM account to be a minimum securized. Or better, you run an IM\u003Cbr \u002F>\nclient on your smartphone (or a similar tool), so you would receive the query\u003Cbr \u002F>\non this personal item while never typing any kind of password on the insecure\u003Cbr \u002F>\nplatform where you log.\u003C\u002Fli>\n\u003Cli>And so on.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Ch4>Publishing Account\u003C\u002Fh4>\n\u003Cp>This section contains the connection parameters of the account which will be\u003Cbr \u002F>\nused as a wordpress bot. I would personnaly advice to create a dedicated account\u003Cbr \u002F>\njust for it (you may also use your personal account of course, as the plugin’s\u003Cbr \u002F>\nbot will create a resource identifier unique for every connection) and to\u003Cbr \u002F>\nconfigure it to refuse any contact and communication (as noone will have to\u003Cbr \u002F>\nadd it to one’s roster, except you maybe for test or debugging purpose?).\u003Cbr \u002F>\nThe fields are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The bot address (bare jid form: mybotname@myserveraddress);\u003C\u002Fli>\n\u003Cli>the password.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advanced Connection Parameters\u003C\u002Fh4>\n\u003Cp>By default xmpp-auth can use SRV records which is a recommended way to\u003Cbr \u002F>\nadvertize server and port from a domain name (see for instance\u003Cbr \u002F>\nhttp:\u002F\u002Fdns.vanrein.org\u002Fsrv\u002F for details).\u003C\u002Fp>\n\u003Cp>This is an advanced section in case your server does not use SRV AND uses a server\u003Cbr \u002F>\nwhich is not the same as the domain from the jid or a port different from the\u003Cbr \u002F>\ndefault one (5222).\u003C\u002Fp>\n\u003Cp>Hence there will be very very few cases where you will have to fill this\u003Cbr \u002F>\nsection and if you don’t understand all what I say here, just don’t fill\u003Cbr \u002F>\nanything there (if you fill even only one field, then it will be used instead\u003Cbr \u002F>\nof SRV and default values).\u003C\u002Fp>\n\u003Cp>The default values will be used if the fields are empty and no SRV is configured on\u003Cbr \u002F>\nthe Jabber server:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>the XMPP server (often the same as ‘myseveraddress’ of the jid);\u003C\u002Fli>\n\u003Cli>the XMPP port (usually 5222).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>TODO\u003C\u002Fh3>\n\u003Cp>Features I am considering:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>check quickstart (http:\u002F\u002Fxmpp.org\u002Fextensions\u002Finbox\u002Fquickstart.html). In\u003Cbr \u002F>\nparticular, I should at least cache DNS lookups now.\u003C\u002Fli>\n\u003Cli>deactivate IM features when plugin not configured.\u003C\u002Fli>\n\u003Cli>For comments, use the IM avatar of the commenter instead of gravatar;\u003C\u002Fli>\n\u003Cli>Make various notifications usually done by email be done by IM instead (if\u003Cbr \u002F>\nadequate);\u003C\u002Fli>\n\u003Cli>Display the comment’s JID on the admin page (as we display the email\u003Cbr \u002F>\naddress, obviously only for administrators);\u003C\u002Fli>\n\u003Cli>Add Scram-* to SASL package;\u003C\u002Fli>\n\u003Cli>Make the generic XMPP part a PEAR package.\u003C\u002Fli>\n\u003Cli>Subscribe with XMPP JID.\u003C\u002Fli>\n\u003Cli>Login with JID or username (both possible).\u003C\u002Fli>\n\u003Cli>If password is disabled, it also cannot be resetted.\u003C\u002Fli>\n\u003Cli>Make user choose to receive password reset or other notification through IM\u003Cbr \u002F>\ninstead of email.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>XMPP Features\u003C\u002Fh3>\n\u003Cp>Full Secure XML Stream with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>TLS (with real certificate verification, so confidentiality and\u003Cbr \u002F>\nauthentication);\u003C\u002Fli>\n\u003Cli>SASL (Digest-MD5, CRAM-MD5 and PLAIN only for now);\u003C\u002Fli>\n\u003Cli>SRV records “randomization” algorithm.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contacts\u003C\u002Fh3>\n\u003Cp>You can have some news about this plugin on \u003Ca href=\"http:\u002F\u002Fjehan.zemarmot.net\" title=\"my public diary\" rel=\"nofollow ugc\">my freedom\u003Cbr \u002F>\nhaven\u003C\u002Fa>.\u003Cbr \u002F>\nYou can also drop me an instant message on “hysseo” at zemarmot.net.\u003C\u002Fp>\n\u003Cp>Have a nice life!\u003C\u002Fp>\n","Allows users to authenticate without password via XMPP and for visitors to be filtered by XMPP verification.",2799,100,"2016-01-15T14:33:00.000Z","4.4.34","3.2.0","",[27,28,29,30,31],"authentication","comments","jabber","xep-0070","xmpp","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fxmpp-auth\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxmpp-auth.0.6.zip",0,null,"2026-03-15T15:16:48.613Z"]