OpenID logo

Upon upgrade for Wordpress 2.8 and sometimes even without it I have encountered an interesting problem: when trying to login using OpenID (or add OpenID via admin panel) I was getting this peculiar message: OpenID login failed: Invalid openid.mode ‘<No mode set>’.

As you know, my Wordpress theme ioni2 is highly customized so I though at some stage that this would be a problem within the code, but the solution was just a few clicks away, really.

What happened?

I would input any OpenID (http or https), be redirected to the OpenID provider site (say, blogspot), confirm my identity and then be redirected back. This is where the blog would give me the error so it was clearly the plugins fault.

Interestingly enough, any similar OpenID plugin would produce the same results. Yadis, Another OpenID plugin – all of them. So I figured out – the problem was not with the ioni2 theme but rather with the underlying server configuration!

Moreover I have seen this problem only and exclusively with Hostgator. For instance Bluehost, where my other projects are hosted, does not seem to have it. Line by line comparison showed that their configurations although difference, are more or less alike. So.. support call!

Solution:

It appears that OpenID was triggering a mod_security rule set by the hosting company:

[*] Rule ID: 340163
[*] URLS Affected: /openid/consumer
[*] Description: Remote File Injection attempt in ARGS (MM)

So the solution was to whitelist the domain within this serverrule. Just request your hosting support something like:

I am running Wordpress and OpenID plugins. OpenID is a well-known standard (you can check it at openid.net) and very secure open-source project, same as Wordpress. However it seems to trigger mod_security as it considers is as a intrusion.

Please whitelist my domain

This should solve the problem of No+mode+Set in OpenID.

Moreover, I believe that the same goes for any server configuration with Drupal, Joomla and any other CMS which relies on this absolutely wonderful DiSO plugin