New & Better Way To Integrate Wordpress!

Faster, more reliable publishing.

June 4, 2024

The problem / background

Wordpress is one of the most popular Content Management Systems (CMS) out there. For the past year plus, Wraith Scribe let users connect their WP via admin password or application password. This allowed Wraith Scribe to post new articles to your Wordpress automatically (so you don't have to copy/paste a bunch of content to your Wordpress for each article).

I am currently running a new experiment where I am trying to run a blog on autopilot with Wraith Scribe (on a Wordpress site, of course).

To my dismay, the longstanding Wraith Scribe system doesn't work for this new site. After 2 days of back and forth with the Namecheap / EasyWP team, it turns out that for this particular Wordpress Site, I needed to install a plugin to be able to get application passwords to work. But this is hacky, because WP ships with its own application password management, and installing this extra plugin means my dashboard has duplicate application passwords fields:

[Image: duplicate application passwords field in Wordpress dashboard]

This is bad enough, but past experience also indicates that any of the following could completely break Wraith Scribe's ability to authenticate with your Wordpress account:

  • Wordpress version (since WP is very buggy)
  • Wordpress firewall settings
  • Other wordpress plugin setups

Solution

I updated Wraith Scribe's Wordpress plugin so users can now simply:

  1. Install the plugin
  2. Generate a Wordpress token
  3. Paste the token into Wraith Scribe
  4. Now be able to upload articles across a much wider variety of WP setups.

A video of how easy it is here.

P.S: The plugin now also allows for meta description uploads, without the need for Yoast SEO! Previously, the plugin piggybacked off of Yoast SEO to generate a meta description. Now, the plugin will see if you have Yoast SEO or AISEO installed. If "yes," it'll attach the meta description to those plugins. If you don't have those plugins, the meta description will be added via our plugin. So, the dependency on Yoast SEO or any other plugins is completely eliminated with this update!

Technical details

The above's the update. If you don't care about nerding out to tech details, you can skip this part. But if you're curious what the new plugin does and what the technical issues are, read on!

REST API / XML-RPC

The 2 main ways for any site to connect to Wordpress are the REST API and XML-RPC. The latter is deprecated, as the documentation has said for years, but somehow still works.

I find that for different WP setups, different combinations of REST API / XML-RPC would work:

  • REST API application passwords would work, but admin password wouldn't. XML-RPC wouldn't work.
  • REST API application passwords don't work, and only admin passwords do. XML-RPC wouldn't work.
  • XML-RPC application passwords don't work, and only admin passwords do. REST API wouldn't work.
  • XML-RPC and REST API only work for admin passwords.
  • XML-RPC only works for admin passwords, and REST API only works for application passwords.
  • XML-RPC and REST API don't work.

Needless to say, this is a nightmare. To mitigate authentication issues, Wraith Scribe has always used both methods to try to connect to your Wordpress account. That is, it'll try XML-RPC first, and if that fails, fall back to the REST API.

Security issues

In some combinations above, only admin passwords work and that's a huge security concern. Even though all your credentials are encrypted in our database (so even if Wraith Scribe gets hacked, the hacker wouldn't have a way to access your Wordpress account), the data is still stored in our database. And admin passwords will work across your entire Wordpress site.

Application passwords are the way to go, but too bad they are horribly unreliable as a method to authenticate across websites.

New Wordpress plugin

The new Wordpress Plugin simply adds to your Wordpress site the ability to generate a secure webhook token, so that Wraith Scribe can use that webhook token to authenticate with your Wordpress site.

Unlike a master password, the webhook token is on a per-user basis. And if you don't want to use the token anymore, simply regenerate a new token and update Wraith Scribe's connection. Or, simply delete the plugin and there will be no endpoints to allow for access to your website via the token.

Thus, the new token mechanism acts as a more reliable application password.
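
The per-user token mechanism described above could be built on WordPress's REST route API as follows. This is an added example, not Wraith Scribe's plugin code; the route namespace, meta key, header name and the choice to store only a SHA-256 hash of the token are assumptions.

```php
<?php
// Added illustration, not Wraith Scribe's plugin code. The namespace
// 'example-publisher/v1', the meta key and the X-Publish-Token header are hypothetical.
const EP_TOKEN_META = '_ep_publish_token_hash';

// Issue (or rotate) a token for one user. Only the SHA-256 hash is stored,
// so the plaintext is shown once and a database leak does not expose it.
function ep_issue_token( int $user_id ): string {
    $token = bin2hex( random_bytes( 32 ) ); // 256 bits from the CSPRNG
    update_user_meta( $user_id, EP_TOKEN_META, hash( 'sha256', $token ) );
    return $token; // regenerating overwrites the hash, revoking the old token
}

// Map a presented token to its owner, or return 0 if it matches nobody.
function ep_user_for_token( string $token ): int {
    if ( ! preg_match( '/^[0-9a-f]{64}$/', $token ) ) {
        return 0; // reject malformed input before touching the database
    }
    $users = get_users( array(
        'meta_key'   => EP_TOKEN_META,
        'meta_value' => hash( 'sha256', $token ),
        'number'     => 1,
        'fields'     => 'ID',
    ) );
    return $users ? (int) $users[0] : 0;
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-publisher/v1', '/posts', array(
        'methods'             => 'POST',
        // Runs before the callback; anything other than true rejects the request.
        'permission_callback' => function ( WP_REST_Request $request ) {
            $user_id = ep_user_for_token( (string) $request->get_header( 'X-Publish-Token' ) );
            if ( ! $user_id || ! user_can( $user_id, 'publish_posts' ) ) {
                return new WP_Error( 'ep_forbidden', 'Invalid token.', array( 'status' => 401 ) );
            }
            wp_set_current_user( $user_id ); // act with the token owner's capabilities only
            return true;
        },
        'callback'            => function ( WP_REST_Request $request ) {
            $post_id = wp_insert_post( array(
                'post_title'   => sanitize_text_field( (string) $request->get_param( 'title' ) ),
                'post_content' => wp_kses_post( (string) $request->get_param( 'content' ) ),
                'post_status'  => 'publish',
                'post_author'  => get_current_user_id(),
            ), true );
            return is_wp_error( $post_id ) ? $post_id : rest_ensure_response( array( 'id' => $post_id ) );
        },
    ) );
} );
```

Because the route is registered by the plugin, deactivating or deleting the plugin removes the endpoint, and the token is scoped to one user's capabilities rather than the whole site.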

Since I was updating the plugin, I also wanted to reduce user friction by eliminating the need to have Yoast SEO installed for meta description upload. Previously, the POST request to your Wordpress via REST API (which is restrictive by nature) had no way of updating your blog posts' meta description. Thus, it had to piggyback off of Yoast SEO in order to inject it. Now, the plugin will inject the meta description directly.

If you do have Yoast SEO installed, the plugin avoids duplicate / spammy meta descriptions by simply:

  1. Checking if you have Yoast SEO (or AI SEO) installed.
  2. If "yes" - the meta description gets sent to those plugins, and the Wraith Scribe plugin piggybacks on them to add the meta description.
  3. If "no" - the Wraith Scribe plugin will add the meta description for you.

Surprising results

I don't know what it is with REST API or XML-RPC, but uploading images and posting a new blog post is very slow. There is probably a lot of code and checks against REST API + XML-RPC causing the lag.

One surprisingly good thing about using this new way to connect to your Wordpress is that uploads are much faster. I used to have to wait anywhere between 10 seconds and 1 whole minute for the post to be published from Wraith Scribe -> Wordpress. This, of course, once again, depends on your Wordpress version and other setup, as some sites are quicker to publish than others for me.

With this plugin though, I seem to be able to reliably publish posts in a 5-10 second range instead. This may not matter if you're using our batch article feature, where you don't really sit around and wait for the publishing to happen, but still, it's a nice surprise. And, faster responses from Wordpress means there's less likelihood for other random errors to happen, like timeouts or disconnections.

TLDR

I made a new way to authenticate Wraith Scribe to your Wordpress account that:

  • Is much more reliable
  • Uploads articles much faster
  • Is much easier to install
  • Eliminates the dependency on Yoast SEO (or any SEO-based plugins)