Facebook Platform Updates, SSL, and WPBook

Road to nowhere (Photo by Matthew Connor, cc-by-nc license)

Back in January, I got an unexpected flurry of WPBook support requests, and ultimately discovered they were the result of Facebook’s decision to allow people to browse Facebook in HTTPS mode.

As part of that change, Facebook introduced some new settings: “Secure Canvas URL” and “Secure Tab URL,” which would enable https connections throughout your Facebook application.

WPBook mostly worked with these two variables properly set (thanks to cshiflet for this patch).

Now, however, Facebook has announced they will require ALL apps to support https:

Today, we are announcing an update to our Developer Roadmap that outlines a plan requiring all sites and apps to migrate to OAuth 2.0, process the signed_request parameter, and obtain an SSL certificate by October 1.

What will this mean for WPBook users?

Unfortunately, my guess is that many WPBook users are not prepared to install an SSL certificate and accept https traffic on their blogs. (SSL certificates typically require that your blog have a unique IP address and cost extra at shared hosting facilities).

If you are unable to install an SSL certificate for your blog, and enable https based browsing of it, you may be unable to use WPBook after October 1, 2011 (or whenever Facebook decides to actually enforce this migration step).

More to come as we get closer to that date.


  1. I would have to agree, quite depressing indeed. My wife loves this plugin and I had 2 different projects in the works that were going to utilize it. Not I have to figure out if I can adjust the budgets for SSL certificates. I really hope things don’t go this way.

  2. Apparently they are enforcing it now. My Facebook blog app just broke, and when I attempt to update it, Facebook demands that I provide a Secure Canvas URL.

    I can do that, but it’s going to be a huge PITA. Any other ideas?

  3. Hmm. No idea why they would be enforcing it sooner than they said they would – are you browsing Facebook in HTTPS mode when you update the app?

    If you are browsing FB in secure mode, you need an HTTPS endpoint for your app.

    This will also be true for your users, I think. If they are browsing Facebook in https mode and your app doesn’t support it, I think they’ll just get an error in viewing the app page.

    Not sure yet how to handle this in the next release of WPBook – maybe abandon the “blog view” inside Facebook altogether, and just focus on posting extracts with external permalinks pointing to the blog?

  4. Hello John, I hope it is ok to cross-post as I have left a similar comment on the WP forum. Thanks for your help there.

    I was a bit freaked by the original announcement and presumed that WPBook’s future was not very good. I wouldn’t be able to install SSL certificate’s to the blogs I have done because they aren’t mine and I don’t think the people I build them for would bear the extra cost. So I gave up on it.

    Now it looks like WPBook has a future even if it is with dropping the blog view. The best thing about WPBook is the commenting. If that is still going to be around after the changes in FB then I’ll persevere with my problems in the setup?

    Thanks for the Plugin. Martin

  5. This is doubly frustrating for folks who are using cloudflare as it requires an upgrade in service to use it with a SSL. So not only would one be paying for the certificate, (which at my host is $50 plus $10 a month) but also for a more expensive plan.

    I hope an alternative solution is possible. I’ve very much enjoyed this plugin; indeed, I’ve just begun recognizing the benefit it can be/is with the number of increased comments I’ve been receiving through Facebook that are now viewable on my blog as well.

    Thank you for all your work, this really is a wonderful plugin.

  6. I turn around this new facebook policy since several days, because my hosting company ( ovh ) don’t offer IP and ssl for its mutualized plans.

    Several offers exist if that should help:
    – Dreamhost have a FBSSL discount coupon with a free 3.95$ IP
    – For people who have an IP, free ssl certficate are available on http://www.startssl.com/ by example
    – One great FBSSL coupon come from http://www.hoststellar.com , several websites in the same reseller account – 1$/month for each additional domain, dedicated IP and ssl certificate include.

    Feel free to join the discussion in the FB developpers group

  7. Greetings John,

    Just curious if you had given any thought as to your plans with this? I think that dropping the blog view on facebook would be great. Or if ppl still want it, maybe make it an optional configuration. I know personally I don’t need that feature.

Comments are closed.