Understanding the WordPress API key

Post image for Understanding the WordPress API key

by bledsoe on July 16, 2009

Most people develop an interest in the WordPress API key when they discover Akismet, a handy plugin that handles comment spam.  Unfortunately, in order to activate this plugin (and some others), you have to have something called a WordPress API key, and the process of acquiring one can be a little confusing.  Here are a few key things to know:

  1. There's a difference between wordpress.com and wordpress.org. WordPress.com is the place you go when you want to have a blog, but you don't want to worry about things like hosting, FTP, or setting up a MySQL database; and you also don't mind that your blog's URL will be something like franksblog.wordpress.com. WordPress.org is the place you go to download all the (free) files to set up your own WordPress site with your own host and your own URL (e.g., www.franksblog.com); this kind of WordPress site is also known as a "self-hosted" WordPress site.
  2. The only way to get a WordPress API key is to create an account at wordpress.com. If your blog is hosted at wordpress.com, you already have an API key; you got it automatically when you created your account.  If you have a self-hosted blog, you may not have an API key, since there's nothing that says you have to create a wordpress.com account in order to set up a self-hosted WordPress blog.  And if you're happy with your self-hosted blog and have no interest in further complicating your life with a wordpress.com account, or using any of the plugins that require an API key, you can stop reading here.  However...
  3. Some WordPress plugins require you to have an API key. And this is why some WordPress bloggers, who have their own self-hosted WordPress site and would otherwise have no interest whatsoever in creating a wordpress.com account, find themselves doing just that.  Because they want to install a particularly nifty plugin (like Akismet) on their WordPress site, and they have to have a WordPress API key in order to make the plugin work, and they have to have a wordpress.com account in order to get an API key.

While all of this may seem fairly straightforward, the thing that causes confusion for many self-hosting WordPress bloggers is the fact that once you acquire an API key, you now have not one, but two WordPress "accounts" (i.e., Username/Password combinations): one which you use to log in to the admin page of your self-hosted WordPress site, and one which you use to log in to your wordpress.com account.  This is particularly confusing when you are already logged in to the Admin section of your self-hosted WordPress site (say, attempting to activate your new Akismet plugin) and find yourself being asked to login to your wordpress.com account (in order to get your API key).  This often leads to confused exclamations such as:

But I'm already logged in to WordPress!

Why is the WordPress login screen telling me I entered the wrong password? I've been using that password for months!

Help! I can't get into my site's admin page!

Now, of course, you can understand the source of the confusion.  These bloggers forgot that they now have two different WordPress "accounts": one for their self-hosted WordPress site (which they need to access their site's Admin pages), and one for wordpress.com (which they need to access their API key).

And this is really the main thing to remember if you have a self-hosted WordPress site and want to get an API key.  Once you get the API key (and its associated wordpress.com account) you now have two WordPress "accounts," for two separate purposes.  As long as you remember which is which, and which one you're logged into at any given time, you'll be fine.

Note on using the same API key for more than one site: Yes, you can do this and in fact, if you have multiple self-hosted WordPress sites, this is the preferred method.  Just enter your (one) API key for each different site (say when installing the Akismet plugin), and you're all set.

Previous post:

Next post: