Premium WordPress Integration

danielunited

clarkwinkelmann 🤯 Looks absolutely amazing!

[deleted]

Amazing, yes - however, mine insists on telling me I need to use https:// whereas I am already !

danielunited

[deleted] Same here. Also the comments on my WordPress posts show an iframe for the first discussion in my community - instead of the relevant associated discussion to the post.

clarkwinkelmann

[deleted] danielunited I didn't test that properly apparently. I relased a fix:

Version 1.3.1 - April 2, 2020

Fix Wordpress URL HTTPS health check

You can update the Flarum extension via Bazaar or Composer.
Requires version 1.2 or greater of the Wordpress plugin.

hrvoje_hr Hoping for the different wp categories <-> Flarum tags option in the next release.

This will come at some point 😉

danielunited Also the comments on my WordPress posts show an iframe for the first discussion in my community - instead of the relevant associated discussion to the post

This is quite odd. I'm not sure how to troubleshoot that 😬

clarkwinkelmann

Just a heads-up, the premium Wordpress integration is incompatible with Flarum Help Tags. If you enable Help Tags, then a logged in user will always see the oldest discussion they authored in the iframe instead of the intended comment thread.

Most likely @askvortsov will be able to fix it. I opened an issue here with the details if anyone is curious askvortsov1/flarum-help-tags1

This is the issue that was affecting danielunited

hrvoje_hr

clarkwinkelmann hrvoje_hr Hoping for the different wp categories <-> Flarum tags option in the next release.

This will come at some point 😉

Any news about this feature?

clarkwinkelmann but the alternative will be a javascript integration, like Disqus.

This would be great. With every visitors spike on my WP we have serious issues with CPU impact.

Generally, yearly plan is a great offer, but before that kind of commitment I would like to know the future plans and roughly timeframes.

clarkwinkelmann

Version 1.3.2 - April 3, 2020

Add session dropdown to iframe and make title translatable

You can update the Flarum extension via Bazaar or Composer.
Requires version 1.2 or greater of the Wordpress plugin.

You can now customize the "Comments" text via Linguist.

[deleted]

@clarkwinkelmann is it possible to use the URL set by the permalink in WordPress for each forum post ? I typically provide direct attribution on imported posts to the original location, but the forum link points to my own site.

clarkwinkelmann

Do you mean this link

pointing to a non-Wordpress URL ?

It's using the get_permalink() method of Wordpress, so I would expect it to re-use whatever is rendered on Wordpress.

I did not test this particular case when trying out the FeedWordPress extension. If it does not work with the current solution I'm unsure what I could do.

[deleted]

clarkwinkelmann yes, that one 😁. If I check the WordPress post, it's using the external permalink. In the forum version of the post, it redirects to my own site post which isn't right - it should inherit the permalink which in this case is the URL of the original post.

troymccann

Hi all. I've installed the plugins on each of Wordpress and Flarum, using the new Extiverse private repo method. I'm having trouble with the health check (and the install wizard), but there are no errors being written to the log file.

The wizard is reporting different errors. If I include the site URL on its own it says, "We could not authenticate with the given credentials. Double-check the URL, username and password.", but they're definitely correct.

If I include wp-login.php to ensure it's specifically trying to login via the right point, it says, "Error while performing a GET request to Wordpress settings ({exception})".

If I manually enter all the settings and API keys each on Wordpress and Flarum without the wizard and perform a health check, I also get different errors:

With wp-login.php defined: "Trying to access the Wordpress API resulted in an error: json_decode error: Syntax error"
Without wp-login.php defined: "Trying to access the Wordpress API resulted in a 401 error. Double-check the "Wordpress admin username" in Flarum and the "Flarum API Key" in Wordpress"

Am I correct in thinking that by defining wp-login.php Flarum is at least authenticating correctly with WP?

EDIT: Also, if one of my Flarum users signs on and they don't yet have an account on the Wordpress server, will it automatically be created and synchronised that way also?

clarkwinkelmann

troymccann the "Wordpress URL" must be the path to the root of the Wordpress install. It must not contain index.php or wp-login. See examples at https://kilowhat.net/flarum/extensions/wordpress#wordpress-url . /wp-login is automatically appended to the given url and can be customized via the "Wordpress login path" setting.

The Wizard only works if none of the settings in Wordpress have been filled yet.

I notice there is an issue in the error message. {exception} is supposed to be replaced by an actual message. I have just released version 1.3.3 to fix that. I have also made the JSON errors a bit more verbose so that we can hopefully know what is received. Can you try updating to 1.3.3 and copy the new error messages ?

Another hint in the meantime, are the Wordpress and Flarum websites on the same server ? They need to be able to make requests to each other via their public domain. You could check if that works by making a curl request from the server command line to the full URL of the website with HTTPS and see if that works.

troymccann Also, if one of my Flarum users signs on and they don't yet have an account on the Wordpress server, will it automatically be created and synchronised that way also?

No. Synchronisation is only from WP to Flarum. But if you make login WP-only, the user will have to create a WP account, and that new WP account will automatically be connected to the existing Flarum account with the same email. The WP SSO integration only applies to logins made from the WP login form. If you keep normal Flarum login or social login enabled, then those Flarum accounts will continue to work separately from Wordpress, until a Wordpress account is created with the same email.

benjaminschultz

Hey everyone - I've been on a journey to get this working on my site over the weekend. For anyone having these problems in the future, here's what I've had to do so far:

Move my flarum site from a separate domain to a subdomain of my wordpress domain because it seems in 2020 there is almost literally no way to share cookies between domains (this is a shame because with the prevalence of the new TLDs, I expect many sites will want to adopt something like "example.community" as their forum address). As an interesting note, stack exchange seems to have figured this out, but it does not appear to have been an easy process and they're not sharing the exact details.
I had the exact same problem as troymccann (and troymccann ) of getting the error "We could not authenticate with the given credentials. Double-check the URL, username and password." I spoke with SiteGround at some length and they could not figure out why I got a 401 error when trying to use the api token. Finally, while troubleshooting, I installed "miniOrange API Authentication" which gave a more verbose error. In their documentation they recommend the following specific instructions which fixed my problem (I had tried something similar before but I must not have put the code in just the right spot in .htaccess)

This error may occur because of server environment,If Apache server then put the below line in your htaccess file after the RewriteBase.

RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

If NGINX server then put the below line in your conf file.

add_header Access-Control-Allow-Headers "Authorization";

Finally, I can connect and get a "Health check good", now though I'm having the error upon user login: {"success":false,"data":[{"code":"http_request_failed","message":"cURL error 60: SSL certificate problem: unable to get local issuer certificate"}]} which was shared by [deleted]

[deleted] says it turned out to be a caching problem but I have cleared by siteground and cloudflare caches and confirmed the two sites are using the same SSL certificate from cloudflare. (According to chrome, at least)

What's my next troubleshooting step?

troymccann

clarkwinkelmann Thanks for the reply.

I followed the instructions in the examples, but they didn't work for me. I also tried the wizard before anything was entered in Wordpress, but the same errors happened (which is why I tried to enter them manually).

I just updated to 1.3.3 and removed the settings on both WP and Flarum before trying the wizard, and get the We could not authenticate with the given credentials. Double-check the URL, username and password. Check the documentation for more troubleshooting steps. message still. Unfortunately with no errors being recorded in the logs I'm not sure how else to diagnose the problem. Yes, I've checked and the servers can communicate via HTTPS, confirmed using cURL.

clarkwinkelmann

troymccann I'm really not sure what it could be. Make sure the Wordpress username is used, and not nickname or email.

Maybe the 401 is triggered by a proxy or firewall and not Wordpress. Once you manually configure the Wordpress side you could try running curl -u admin:token https://example.com/index.php?rest_route=/wp/v2/settings from the Flarum server command line to see the full error message. Replace admin with the Wordpress username you entered in Flarum, token with the "Flarum API Key" and example.com with your Wordpress URL.

It's also possible a Wordpress plugin is interfering. Could you share a list of the plugins, in particular if you have any that relates to security ?

troymccann

Yep, using the wordpress username of the admin, and I've copied the password from my password manager to be sure it's exactly correct. There's no proxy, and the firewall is open for HTTP and HTTPS on both servers. I tried temporarily disabling all plugins except yours to be sure, and the same error occurs.

I can cURL or use Postman to access any other route fine, but I get this with /wp/v2/settings:
{"code":"rest_forbidden","message":"Sorry, you are not allowed to do that.","data":{"status":401}}

Using Postman, I've tried both basic auth and using the Flarum API key as the bearer token (with and without the token pasted in the WP settings, since I'm not sure if that's what the token is being matched to), and I still can't seem to access /wp/v2/settings. 🤔

EDIT: As an aside, I can't believe how much data leakage WP let's through the REST API! Once I've sorted this auth issue out I'll definitely be restricting access to https://example.com/index.php?rest_route=/wp/v2/users, that should not be available by default without any authentication. 😐

EDIT 2: I'm at a loss. I can't seem to access the settings endpoint using admin accounts on any wordpress site I have control of. I've checked to confirm that the admin roles have the manage_options permission, and still, I can't get them to authenticate on that endpoint. Always returns a 401. Is anyone else on Wordpress 5.4 having this problem?

troymccann

A quick update for reference, it seems to be an issue with my Bitnami EC2 instance. That said, while others have managed to fix the same issue, I still can't after hours of trying.

Will have to leave this for now and come back another time. I think the solution is going to be migrating to a new server without the Bitnami bloat.

https://community.bitnami.com/t/setting-up-api-access-to-wordpress-on-aws-ec2-instance/60589/7

clarkwinkelmann

troymccann my extension does something very similar to https://github.com/WP-API/Basic-Auth during the initial configuration, so if there are issues with Basic Auth, there will most likely be issues with my extension.

Right now the provided Wordpress user must be able to read and write options via the API for the wizard and health check to work. It's however not required for the integrations to work.

For SSO integration, the Wordpress admin username is actually not required, it's never used. Flarum never makes API requests to Wordpress for SSO.

For the comments integration, the admin username must be able to edit WP posts via the API.

I plan to rewrite that in a future release to add custom Wordpress API endpoints for this extension that won't require authenticating as a WP user at all.

clarkwinkelmann

I have just published a video introduction to the extension features.

My website has also been updated to offer the new install instructions and links for Extiverse (which replaces flagrow.io) https://kilowhat.net/flarum/extensions/wordpress

The price stay the same, though any tax/VAT is now included in the $5/month, so it might be a tiny bit cheaper if you cancel your flagrow.io subscription and move to Extiverse.

troymccann

Thanks, @clarkwinkelmann . I took the time yesterday to rebuild a new server, avoiding Bitnami, and migrated WP across. Your plugin worked instantly using the new server setup and I can authenticate with REST without any mods needed on the server.

As an aside, the Bitnami setup is terrible to work with given everything is installed in unexpected locations in strange ways. One example, after a day of trying I discovered that there's really no way to do something as simple as update PHP. They expect you to create a new container with the updated packages, if it exists, and migrate everything across. Anyway, all fixed now!

I really like this extension. Thanks mate.

clarkwinkelmann

troymccann thanks for the feedback!

[deleted]

@clarkwinkelmann great video. This will go a long way to providing visual feedback and a "configure as you watch" capability.

« Previous Page Next Page »