Today I’m going to show how to remotely publish post using xml-rpc of the wordpress.This is actually very simple and powerful.If you want to publish posts or pages without log into the wordpress admin panel you can use this method.First we’ll consider what is this XML-RPC and it’s usages.
What is this XML-RPC?
Location:-wp-includes/class-wp-xmlrpc-server.php
XML-RPC is a protocol for remote process calls which makes use of XML for the data exchange and it principally makes use of HTTP for the actual call.
In XML-RPC the client that wishes to make a call to a remote technique the input parameters in the form of XML and sends it through an HTTP request to a remote server implementing the XML-RPC protocol.
The distant/remote server implementing the XML-RPC protocol will get the request after which performs the remote technique and returns the end result again in XML format.
You can find more information from XML-RPC WordPress API
Advantages and Usages of XML-RPC
WordPress XML-RPC server supports multiple types on APIs for XML-RPC. Following are the types of APIs that WordPress XML-RPC server supports:
- WordPress API
- Blogger API
- MetaWeblog API
- MovableType API
- PingBack API
Usages
- Get post or posts details
- Add new post or multiple posts
- Edit posts
- Delete posts
- Get posts types
- Get post formats
- Get post status list
Disadvantages of XML-RPC
Hackers can attack to your site using this class-wp-xmlrpc-server.php file to access the web site.So you must add security settings to prevent that.Mostly,
- Hijacks your website without your knowledge
- Uses your site for a DDoS attack
- Potentially gets your domain labelled as a spammer
How to stop that?
You can Add a filter to functions.php,prevent access to XMLRPC.php using .htaccess,use a plugin for this.We’ll talk about this in next post.
Enough.Let’s see how to remotely publish post using XML-RPC.
First of all you must enable the XML-RPC in WordPress.
Enable XML-RPC in WordPress 3.4 and below
Due to the security reasons in WordPress versions 3.4 and below, XML-RPC has been disabled by default.
To enable XML–RPC:
1-Log into your WordPress Admin panel.
2-On the sidebar, select Settings and then Writing
3-Check the box next to XML-RPC
4-Save your settings
Enable XML-RPC in WordPress 3.5 and new versions
WordPress has resolved the security issues related to XML–RPC and it is enabled by default. You do not need to do anything to publish to your WordPress blog remotely.
How to remotely publish post using XML-RPC?
I’ll write the function here to do this.Then you can send parameters to it.
// This will publish the posts. function publish_post_xmlrpc($request,$BLOGURL) { //Initializing CURL $ch = curl_init(); //The URL to be downloaded is set curl_setopt($ch, CURLOPT_URL, $BLOGURL."/xmlrpc.php"); curl_setopt($ch, CURLOPT_HEADER, false); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: text/xml")); curl_setopt($ch, CURLOPT_POSTFIELDS, $request); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // this will return the post id //Now execute the CURL, download the URL specified $response = curl_exec($ch); $response = xmlrpc_decode($response); curl_close($ch); if(isset($response)) { return $response; } } // PROCESS START FROM HERE. // Site url only.NOT the sitelogin url $BLOGURL = 'YOUR-WEB-SITE-URL'; $USERNAME = 'LOGIN-USERNAME'; $PASSWORD = 'LOGIN-PASSWORD'; // post details $title = 'This is remote post title'; $description = 'Remote post contents is goes here'; //Forming the content of blog post $content['title'] = $title; $content['description'] = $description; $content['categories'] = array(1); // category id.You can send category ids as array $content['post_status'] = 'publish'; // publish | pending | draft // process begin $toPublish = true;//Whether the post has to be published $request = xmlrpc_encode_request("metaWeblog.newPost",array(0,$USERNAME, $PASSWORD, $content, true)); // call to the remote function $postID = publish_post_xmlrpc($request,$BLOGURL); // return the post id
Further, I’ll show the main xml-rpc function to identify what are the functions we can use there.
function wp_xmlrpc_server() { $this->methods = array( // WordPress API 'wp.getUsersBlogs' => 'this:wp_getUsersBlogs', 'wp.getPage' => 'this:wp_getPage', 'wp.getPages' => 'this:wp_getPages', 'wp.newPage' => 'this:wp_newPage', 'wp.deletePage' => 'this:wp_deletePage', 'wp.editPage' => 'this:wp_editPage', 'wp.getPageList' => 'this:wp_getPageList', 'wp.getAuthors' => 'this:wp_getAuthors', 'wp.getCategories' => 'this:mw_getCategories', // Alias 'wp.getTags' => 'this:wp_getTags', 'wp.newCategory' => 'this:wp_newCategory', 'wp.deleteCategory' => 'this:wp_deleteCategory', 'wp.suggestCategories' => 'this:wp_suggestCategories', 'wp.uploadFile' => 'this:mw_newMediaObject', // Alias 'wp.getCommentCount' => 'this:wp_getCommentCount', 'wp.getPostStatusList' => 'this:wp_getPostStatusList', 'wp.getPageStatusList' => 'this:wp_getPageStatusList', 'wp.getPageTemplates' => 'this:wp_getPageTemplates', 'wp.getOptions' => 'this:wp_getOptions', 'wp.setOptions' => 'this:wp_setOptions', 'wp.getComment' => 'this:wp_getComment', 'wp.getComments' => 'this:wp_getComments', 'wp.deleteComment' => 'this:wp_deleteComment', 'wp.editComment' => 'this:wp_editComment', 'wp.newComment' => 'this:wp_newComment', 'wp.getCommentStatusList' => 'this:wp_getCommentStatusList', 'wp.getMediaItem' => 'this:wp_getMediaItem', 'wp.getMediaLibrary' => 'this:wp_getMediaLibrary', 'wp.getPostFormats' => 'this:wp_getPostFormats', // Blogger API 'blogger.getUsersBlogs' => 'this:blogger_getUsersBlogs', 'blogger.getUserInfo' => 'this:blogger_getUserInfo', 'blogger.getPost' => 'this:blogger_getPost', 'blogger.getRecentPosts' => 'this:blogger_getRecentPosts', 'blogger.getTemplate' => 'this:blogger_getTemplate', 'blogger.setTemplate' => 'this:blogger_setTemplate', 'blogger.newPost' => 'this:blogger_newPost', 'blogger.editPost' => 'this:blogger_editPost', 'blogger.deletePost' => 'this:blogger_deletePost', // MetaWeblog API (with MT extensions to structs) 'metaWeblog.newPost' => 'this:mw_newPost', 'metaWeblog.editPost' => 'this:mw_editPost', 'metaWeblog.getPost' => 'this:mw_getPost', 'metaWeblog.getRecentPosts' => 'this:mw_getRecentPosts', 'metaWeblog.getCategories' => 'this:mw_getCategories', 'metaWeblog.newMediaObject' => 'this:mw_newMediaObject', // MetaWeblog API aliases for Blogger API // see http://www.xmlrpc.com/stories/storyReader$2460 'metaWeblog.deletePost' => 'this:blogger_deletePost', 'metaWeblog.getTemplate' => 'this:blogger_getTemplate', 'metaWeblog.setTemplate' => 'this:blogger_setTemplate', 'metaWeblog.getUsersBlogs' => 'this:blogger_getUsersBlogs', // MovableType API 'mt.getCategoryList' => 'this:mt_getCategoryList', 'mt.getRecentPostTitles' => 'this:mt_getRecentPostTitles', 'mt.getPostCategories' => 'this:mt_getPostCategories', 'mt.setPostCategories' => 'this:mt_setPostCategories', 'mt.supportedMethods' => 'this:mt_supportedMethods', 'mt.supportedTextFilters' => 'this:mt_supportedTextFilters', 'mt.getTrackbackPings' => 'this:mt_getTrackbackPings', 'mt.publishPost' => 'this:mt_publishPost', // PingBack 'pingback.ping' => 'this:pingback_ping', 'pingback.extensions.getPingbacks' => 'this:pingback_extensions_getPingbacks', 'demo.sayHello' => 'this:sayHello', 'demo.addTwoNumbers' => 'this:addTwoNumbers' ); }
That’s all.Hope you understand well. Happy coding. 🙂