I’m creating a WordPress plugin for collectively managing a Twitter
account. I want to allow the user to add accounts via the Admin panel
similar to the way twitterfeed.com does.
However, the only way I can see of doing it is to get the user to sign
in to their account, register the application under a unique name and
paste the Consumer Key and Consumer Secret into my application.
What are the security repercussions of simply
distributing a single Consumer Key and Consumer Secret with my plugin,
so that I can get the Request Token and Access Token and minimise the
effort required by the user?
As I understand it, the biggest issue (I’m not sure it’s necessarily a security issue) is that someone will use your Key/Secret inappropriately (let’s say a spamming application), causing it to get revoked. At that point, every instance of your plug-in will fail to authenticate and you’ll have to generate a new one, incorporate it in your plug-in and get all the users to update. Which is probably not ideal…
Ars Technica had a pretty good write-up about it here.
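To make the point in the question and the answer concrete, here is an added example (not code from the question, the answer, or twitterfeed.com) of the OAuth 1.0a signing step a plugin must perform to obtain a Request Token. It is written in Python rather than PHP purely for illustration; the consumer key and secret are made-up values and the request-token endpoint URL is assumed for the example. The point it shows is that the first leg of the flow is signed with nothing but the consumer secret, so anyone who unzips the distributed plugin can produce signatures indistinguishable from yours, and since the provider identifies the application only by its consumer key, revoking that one key rejects every installation at once.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed values for illustration only; a real plugin would ship the
# key/secret issued by Twitter for the registered application.
CONSUMER_KEY = "example-consumer-key"
CONSUMER_SECRET = "example-consumer-secret"
# Assumed endpoint for the request-token leg (first step of the OAuth 1.0a flow).
REQUEST_TOKEN_URL = "https://api.twitter.com/oauth/request_token"


def pct(s: str) -> str:
    """Percent-encoding as required by RFC 5849 section 3.6: only unreserved
    characters (letters, digits, '-', '.', '_', '~') are left as-is."""
    return quote(s, safe="-._~")


def signature_base_string(method: str, url: str, params: dict) -> str:
    """Build the signature base string of RFC 5849 section 3.4.1.

    `params` holds the oauth_* protocol parameters plus any query/body
    parameters. Each key and value is percent-encoded, the pairs are sorted,
    joined with '&', and the result is percent-encoded once more when it is
    concatenated with the method and the encoded URL.
    """
    encoded = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def hmac_sha1_signature(base_string: str, consumer_secret: str,
                        token_secret: str = "") -> str:
    """HMAC-SHA1 over the base string keyed with 'consumer_secret&token_secret'
    (RFC 5849 section 3.4.2). For the request-token step there is no token yet,
    so the key is just the consumer secret followed by '&'."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def sign_request_token_request(consumer_key: str, consumer_secret: str,
                               callback: str, nonce: str, timestamp: int) -> dict:
    """Produce the oauth_* parameters for POST REQUEST_TOKEN_URL.
    Nothing here involves any user credential: whoever holds the consumer
    key and secret can perform this step as the application."""
    params = {
        "oauth_callback": callback,
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp),
        "oauth_version": "1.0",
    }
    base = signature_base_string("POST", REQUEST_TOKEN_URL, params)
    params["oauth_signature"] = hmac_sha1_signature(base, consumer_secret)
    return params


def verify_signature(method: str, url: str, params: dict,
                     consumer_secret: str, token_secret: str = "") -> bool:
    """What the provider does: look up the secret for oauth_consumer_key,
    recompute the signature from the received parameters, and compare it in
    constant time with the one that was sent."""
    received = params["oauth_signature"]
    unsigned = {k: v for k, v in params.items() if k != "oauth_signature"}
    base = signature_base_string(method, url, unsigned)
    expected = hmac_sha1_signature(base, consumer_secret, token_secret)
    return hmac.compare_digest(received, expected)


def secret_is_shared_with_everyone(nonce: str, timestamp: int) -> bool:
    """A legitimate plugin install and a third party who pulled the same
    key/secret out of the plugin's zip produce byte-identical, valid
    signatures; the provider cannot tell them apart."""
    from_plugin = sign_request_token_request(CONSUMER_KEY, CONSUMER_SECRET,
                                             "oob", nonce, timestamp)
    from_extracted_copy = sign_request_token_request(CONSUMER_KEY, CONSUMER_SECRET,
                                                     "oob", nonce, timestamp)
    both_valid = (verify_signature("POST", REQUEST_TOKEN_URL, from_plugin, CONSUMER_SECRET)
                  and verify_signature("POST", REQUEST_TOKEN_URL, from_extracted_copy,
                                       CONSUMER_SECRET))
    return both_valid and from_plugin == from_extracted_copy


if __name__ == "__main__":
    signed = sign_request_token_request(CONSUMER_KEY, CONSUMER_SECRET,
                                        "oob", "n0nce", 1318622958)
    print("valid with real secret:", verify_signature("POST", REQUEST_TOKEN_URL,
                                                      signed, CONSUMER_SECRET))
    print("valid with other secret:", verify_signature("POST", REQUEST_TOKEN_URL,
                                                       signed, "some-other-secret"))
    print("indistinguishable from extracted copy:",
          secret_is_shared_with_everyone("n0nce", 1318622958))
```

The per-user Access Token obtained later in the flow is still tied to the individual account, so a leaked consumer secret does not by itself expose anyone's tweets; what it exposes is the application identity, which is exactly what the answer says gets revoked when someone abuses it.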