wordpress-activitypub icon indicating copy to clipboard operation
wordpress-activitypub copied to clipboard
verified publisher icon Automattic

Website verification

Open mallory opened this issue 10 months ago • 8 comments

Verifying an identity on activity pub is a way for fediverse users to recognise one another. Since Wordpress is a web platform it makes sense that the website automatically includes the rel="me" link tag to verify the ghost activity pub user(s) without any additional end user configuration.

mallory avatar Mar 10 '25 20:03 mallory

what do you mean with "ghost activity pub user(s)"?

pfefferle avatar Mar 10 '25 20:03 pfefferle

As far as I know WordPress does not provide the links. I have done it on the menus of my site by creating menu link to my main profile @[email protected]. You have to make visible the Link Relationship (XFN) advanced properties- that's from the Screen options tab while editing a menu.

Image

So that I can add a custom link to a menu

Image

resulting in the link being on every view of my site

Image

I got 4/4 verified!

Image

The question is for the profile that the ActivityPub generates for my same blog @[email protected] - I guess this is the OP "ghost activity pub user"? How can I get a verified mark for it's profile? Here I have none verified:

Image

The question is- to get the correct link, what is the URL needed for the href in <a rel="me" href="..."/> ?? Will https://cogdogblog.com/@barking work for my ActivityPub presence? (I have just added this to check)

cogdog avatar Mar 16 '25 00:03 cogdog

Does this work with non-Mastodon profiles?

obenland avatar May 13 '25 20:05 obenland

I am not sure what you mean by "work with non-Mastodon profiles?"

You can verify from any site where you can somehow make a hyperlink there that links to the users (mine) Mastodon profile and use the rel="me" attibute.

It seems to me that the ActivityPub plugin should be able to make it so the WordPress URL is automatically verified if set up as a profile link.

cogdog avatar May 13 '25 21:05 cogdog

Hey @cogdog you can already do that, by adding rel-me to the <a href=""> in the block or classic editor.

I did some checks and it seems that Mastodon is really adding rel-me to every link used in the "Extra fields". I am not sure if I like that, because not every link in the extra fields must be necessarily an other representation of "me".

The rel-me definition from the XFN spec:

A link to yourself at a different URL. Exclusive of all other XFN values. Required symmetric. There is an implicit "me" relation from the contents of a directory to the directory itself.

So adding rel-me to every link is not semantically correct, but I can see the advantage of that: It is easy to use and the "trusted network" or "verification" only happens if the referenced site links back. I am not sure though if we should go the same path!

pfefferle avatar May 14 '25 09:05 pfefferle

We already add rel-me to the auto generated links: https://github.com/Automattic/wordpress-activitypub/blob/36bada3fba0f429e01bf92bb2b18ede145feb9b0/includes/collection/class-extra-fields.php#L225

...and to URLs that will be transformed to HTML automatically (if you use no HTML but simply the URL in the editor field): https://github.com/Automattic/wordpress-activitypub/blob/36bada3fba0f429e01bf92bb2b18ede145feb9b0/includes/collection/class-extra-fields.php#L107

pfefferle avatar May 14 '25 09:05 pfefferle

Thanks @pfefferle I might be confused or causing confusion. I'm trying to figure out how can the link for my WordPress site's fediverse account profile get the verification lit up green?

  1. I have a wordpress site at https://cogdogblog.com
  2. ActivityPub enabled and publishing to world as @[email protected]
  3. My profile fields include a link to it's own blog
  4. But this profile link is not verified

Shouldn't the site be able to out of the box verify itself without me adding elsewhere links with rel="me"? I mean who is a better authority to verify than the site itself!

Or if I need to add a link somewhere with rel="me" what is the URL I should link to so I can have my blog profile verified? (this does not work as a link, just trying to guess

    <a href="https://cogdogblog.com/@barking" rel="me">Mastodon</a>

??

cogdog avatar May 15 '25 21:05 cogdog

I'm trying to figure out how can the link for my WordPress site's fediverse account profile get the verification lit up green?

I think that is only possible for Mastodon accounts:

Mastodon [looks] for a qualified link that matches the criteria: […] The href attribute on one of those elements must be equal to the URL for your Mastodon profile. —https://docs.joinmastodon.org/user/profile/#validation-criteria-for-verified-links

Further up, the docs say:

Because Mastodon can be self-hosted, there is no better way to verify your identity than to host Mastodon on your own domain, which people already trust. —https://docs.joinmastodon.org/user/profile/#verification

So I guess by definition, your WordPress site on you own the domain is considered trustworthy.

obenland avatar May 17 '25 14:05 obenland

Closing as this appears to be only possible for Mastodon accounts.

obenland avatar Sep 05 '25 16:09 obenland