cburschka
commented
7 years ago In principle, yes: This utility directly uses the WordPress installation's codebase (and database config) to do the login.
In practice, there are several ways to bridge that gap:
Firstly, you could put a separate WordPress codebase onto the ejabberd server which has access to the same database (but you may get weird update issues, because WP tends to update itself automatically and the installations might get out of sync).
Secondly, you could run the script on the WordPress server remotely, using some extra scripting to run it as a daemon and open a port, then connect to it from the other server. However, this isn't quite trivial - especially because the passwords are still in clear text at this point, so you'd want to secure the connection somehow. ;)
(This last part is also why I haven't tried to add network access as a feature yet - I don't know enough to do it in a secure way.)
Edit: Not to mention that your shared host might not let you run daemon processes or open ports.
Edit2: There's one more solution I can think of, though, which is to decouple this script: One half is a server-side part that just gets accessed over ordinary HTTPS, new bootstrap for every request. The other half is the client, which still runs persistently, but sends a new HTTPS request to the server half for every authentication attempt.
Should be feasible and not have too much of a performance impact...
Am I guessing right that the CMS has to be on the same server as ejabbered?
So I could not authenticate against a Wordpress installation on my shared web-host from an eJabbered server on my separate VPS?