mgcwebsites

Yep that’s how it works – the next step is logging in – no doubt it’s easy when you know how but I didn’t know where to start and couldn’t even find a hint in the right direction. I wasted hours writing my own oAuth plugin too!

*IF* it’s OK for the updating site/app to know the username and password for the site exposing the API (i.e. you own both of them as in my cases) then JSON Web Tokens are quick, easy and work reliably.

On the site to be accessed…..

Install JWT Authentication for WP-API by Enrique Chavez
Add the following to .htaccess

# BEGIN JWT Authentication for WP-API
RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) – [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization “(.*)” HTTP_AUTHORIZATION=$1
# END JWT Authentication for WP-API

Add the following to config.php

# BEGIN JWT Authentication for WP-API
define(‘JWT_AUTH_SECRET_KEY’, ‘your-top-secret-key’);
define(‘JWT_AUTH_CORS_ENABLE’, true);
# END JWT Authentication for WP-API

Activate the plugin

On the site / app that will do the accessing you can now request a JWT via a new endpoint the plugin creates BUT this app will need to be in possession of the WP username and password. Now just send the token in the headers with of every request as a bearer token and it just works. You can configure the timeout of the tokens from seconds to years. There is also a way to revoke tokens but honestly that’s still on my todo list.

I’m no security expert so do your own research but for my situation this saved the day – I have yet to find any other method of accessing the API that I could get to work.

Last tip is don’t even think about coding up anything until you’ve already seen it work in Postman – it’s so much quicker to trial and error using the app – saves hours.

If you want to use iFrames you have to have the line below in your <head> to bring in the supporting script.

<script custom-element=”amp-iframe” src=”https://cdn.ampproject.org/v0/amp-iframe-0.1.js&#8221; async></script>

For me the AMP plugin is adding it successfully but I had to include the line below in my custom template to make it happen (if you aren’t using a custom template then I think the plugin should take care of this):

<?php do_action( ‘amp_post_template_head’, $this ); ?>

If the above code is working you should also see the canonical to the non AMP page and the line below:

<script src=”https://cdn.ampproject.org/v0.js&#8221; async></script>

If you don’t see either of those then you need to work out why the action isn’t happening. If the others are there then you need to work out why it isn’t also adding the iframe code. It looks like it only adds it if it detects the requirement so maybe your iFrames aren’t valid? If all else fails you could add the line to your template manually – I’d at least try that to confirm that it’s the problem.

My Bad! I’ll leave the solution here to help others:

If using a custom template you need to use $this->get( ‘post_amp_content’ ) rather than the_content() to get the modified post.

Here’s my code which is working well though I haven’t been able to test the error handling as I haven’t yet managed to generate one. The code relies on my print_admin_notice function (which is pretty self explanatory) and would obviously be easily broken by changes to WordFence so would not really be suitable for redistributed plugins in this form. I hope this helps somebody. Thanks for your help wfasa.

function clearWordFenceCache(){
	if(is_plugin_active('wordfence/wordfence.php')){
		if(wfConfig::get('cacheType', false)!=''){
			$result = wfCache::clearPageCache();
			if ($result['totalErrors'] > 0){
				foreach ($result['error'] as $error){
					print_admin_notice('error', 'Clearing the WordPress cache failed with the following error: '.$error);
				}
			}else{
				print_admin_notice('info', 'The WordFence Cache has been cleared. '.$result['dirsDeleted'].' directories and '.$result['filesDeleted'].' files deleted.');
			}
		}else{
			print_admin_notice('info', 'The WordFence plugin is active but the cache is disabled so needn\'t be cleared');
		}
	}else{
		print_admin_notice('info', 'The WordFence plugin is either disabled or not installed so the cache needn\'t be cleared');
	}
}

Thanks that’s the info I was looking for. I’ll try and leave an example to finish this thread off when I have got it sussed in a day or two.

The plugins use shortcodes in the page that trigger php functions that insert html, e.g. that days entertainment or opening hours etc..

I assume this output is being cached as part of the page when it is first rendered and from then on the shortcodes aren’t being utilised?

If so then if I could just trigger a clear of the cache I’d be away. Or have I miss-understood?

Thanks wfasa. No my plugins add/update/delete content in separate tables. If I knew exactly how WordFence recognised a post/page update perhaps I could trick it into thinking there had been one?