Flab I don't remember 100% and I'll need to check the code again but it's possible that the thumbnail settings only apply to new and updated WP posts.
Once I implement the import tool, it will also solve this issue as it will allow re-syncing all post previews in addition to the comment threads.
hrvoje_hr Thank you for your kind offer. You will find a sample posting with strange looking picture over https://kominote.de/d/42-zusammen-f%C3%BCr-mehr-respekt
clarkwinkelmann The new import tool sounds great.
I still have the login problem when I want to login from the comment section at the wordpress site. Does this log file from storage/log help?
https://paste.quest/?56772ec7b1af43bd#8BTy3qZwSwDSBc49p2rLhGApzsp4KPE2MY9K4HZQoYYR
Flab I still have the login problem when I want to login from the comment section at the wordpress site. Does this log file from storage/log help?
It seems unlikely that those errors are related to login. The 3 WP logs are just information and not errors. The 2 instances of the same error must have happened during the deletion of a post.
The post deletion error is curious because I haven't seen it before. I'm not sure if it could be caused by my extension. It's probably caused by either discussion_user.last_read_post_number or discussions.last_post_number being NULL. This could be caused by malformed data after migrating from another software, or is related to posts/discussions that have been manually created by an extension, possibly my WP extension. I would need to test on my development server to see if I observe this issue.
Can you share your php flarum info and confirm whether you migrated data from another platform? Also if you remember deleting Flarum posts, do you remember if it was inside a WP comment thread or unrelated?
Hi Clark,
Another quick FYI type update re WP Integration.
As you know, I have been trying to create a clean integration with the login / membership account page on the WP side.
I am coming to the conclusion that there are limited options to fully accomplish this and that it is better to stay in the normal WP fold with things.
So I have:
By doing this, the correct SSO behavior is also again working completely. Meaning, when you login on one side, you are in the other and the same for logout side.
Yes, it does POP up the WP login modal, but it is now customized to show some icon related to my main site, and seems "integrated enough". Forcing users to first go to the main site to login, and then go back to what they wanted to do also seems like a hassle for user experience anyway.
I am hiding the KiloWhat login button with display none in CSS, because there are enough Login options that show up at the Post level anyway. Meaning, the Login to see Replies from your See Past First Post extension, or the normal Login to Reply button from the normal theme.
On my "menu bar", I still have three custom buttons of which two are visible to users at one time.
Forums - is the home button as I am not displaying a logo here
Main Site - will link to the Membership login page for visitors using the Links extension
Main Site - will link to the normal home page of the WP site for logged in users.
In short: using your WP Integration extension AS YOU DESIGNED IT, hiding a Login button, and adding a few menu bar buttons, along with a bunch of custom CSS to integrate the forums look and feel with the main WP site seems like the way to go.
And then using the See Past First Post aka Show Only the First Post extension makes it a solid solution for clean integration with a membership site.
Just wanted to share as I am getting another step closer to installing this on my live site as described.
Cheers!
I cant say exactly which Flarum posts I was deleting.
Here is my php flarum info
I do have now a second storage/log Maybe this one can help?
One more thing. Maybe this problem is connected with the "cant Login from the comment section in wordpress" Or maybe not.
Flarum and Wordpress are installed on two different domains. Like myflarumsite.com and mywordpresssite.com. Normally when login out of wordpress I get redirected to: mywordpresssite.com/blog/wp-login.php?loggedout
Since the Flarum Plugin in Wordpress is activ, I get redirected to: myflarumsite.com/wordpress
A error page occurs with something like "could not find this site, back to myflarumsite.com"
Flab officially, using multiple root domains is not supported (see Requirements section of my documentation), because the main SSO mechanism is a cookie set to the top level domain that must be accessible to both WP and Flarum.
Something I should add to the documentation is that the common domain is only a requirement for the SSO feature. The comments integration by itself will work no matter the domain names.
It might work when logging in from a certain direction due to how it's implemented, but I am not entirely sure in which circumstances it will work, I would have to do some tests.
I might be able to add an option to make SSO cross-domain work, but it will involve one more redirect on every login. Currently, global login is done through cookie (because it's more performant and less chance of breaking due to WP plugins), and global logout is done through redirects (because it's the only way to be certain both sessions are deleted).
My goal: Users on my blog site (they dont have or need a wordpress account) can comment the article. Therefore they can register or login in the comment frame below the wordpress article. So I dont know if im right, I think therefore I dont need SSO? I disabled SSO.
With SSO disabeled or enabled its not possible at the moment to leave a comment in the frame below the wordpress post.
Flab that's correct. If your users don't need a WP account for any WP features, it's better to leave the SSO feature off and simply let users connect using native Flarum login and/or Flarum social login extensions.
You should be able to connect and reply directly from the iframe on the WP side. If it doesn't work, maybe the Flarum hosting needs some additional headers to allow the cross-domain embedding of the iframe. My extension doesn't add such headers, as they depend on the exact situation and are easy to add using Apache or Nginx rules.
I'd really like to add a section about headers to my documentation but I have a hard time figuring out all the use cases I should cover. And it seems like every time I finally have some instructions written, browsers update their security requirements and I have to research everything again 
clarkwinkelmann You should be able to connect and reply directly from the iframe on the WP side. If it doesn't work, maybe the Flarum hosting needs some additional headers to allow the cross-domain embedding of the iframe. My extension doesn't add such headers, as they depend on the exact situation and are easy to add using Apache or Nginx rules.
I don't know really know what exactly to do. Is there any chance I can get the extension to work with my limited technical knowledge? Where and how do I add headers? Any hint is much appreciated.
This is a major release. Please read this announcement and execute the migration commands listed below.
Thanks to everyone who sent feedback in these last few months, I hope this update addresses most of your needs!
This update requires a few additional steps. The extension will not work as intended if you skip them.
If you have some sort of maintenance mode, I suggest enabling it so no user tries to login or post during the update. But it should only take a few minutes and most features of WordPress and Flarum should continue to work even if you haven't finished to update both sides yet.
Update the WordPress plugin. The download link is available under the WordPress changelog.
First update the package (require will make sure you bump the major version):
composer require kilowhat/flarum-ext-wordpressThen open the Flarum admin panel, and enable the "Backoffice" extension which will have been automatically installed.
Enabling this new extension should have automatically run the migrations and cleared the cache, but you can run them again to be sure:
php flarum migrate
php flarum cache:clearAnd finally, after having updated both the WordPress plugin and Flarum extension, run the following command on the Flarum server to migrate the settings to their new names and invalidate the old API Key:
php flarum kilowhat-wordpress:migrate:v2The command will list the actions that are about to be performed and ask you to accept. Press Enter to continue, or use the --no-interaction CLI flag when calling the command to skip confirmation. The command can be run again without any danger.
That should be it! You can then check out the settings in the Flarum admin panel if you wish to enable the new features.
If you encounter any error during the update process, please reach out.
I have completely rewritten the way Flarum and WordPress communicate together.
Previously, a Flarum API Key was used and also behaved like an API Key on the WordPress side, meaning a compromised key would allow performing any admin action on both Flarum and WordPress, resulting in a complete compromise of both sites.
The new implementation uses a shared key that only authenticates synchronisation requests.
If that key were to be compromised, it would at worst allow an attacker to create bogus discussions under the tags configured for WordPress comment threads. Or when the SSO feature is used, it would allow creating bogus user accounts but won't be able to give them arbitrary groups (but if you use role to group synchronisation, they could assign any of those groups).
This change was made to follow best practices, I don't have any report of the old system being abused.
For the key to be stolen in the first place, one of WordPress or Flarum (or their respective backups) would probably have to be compromised. The new system ensures my extension cannot be used as a vector to compromise the other website in case one is compromised.
In addition to the cookie-based global login previously used by the SSO module, 2 new methods have been added.
These new methods remove the requirement to host WordPress and Flarum on a common top level domain.
Redirect uses a redirect after the first login from WordPress to connect Flarum.
Iframe uses a hidden iframe and the PostMessage web API to enable cross-origin communication between Flarum and WordPress and offer a one-click login, or optionally login through an automatic client-side page refresh.
See the documentation for the pro and cons of each method.
I have performed many tests for cross-origin support. I added more built-in headers that you don't have to setup manually and created a section in the documentation about what must be done manually.
Unfortunately, the main conclusion of these many tests is that the setup will be infinitely easier if you stick to a common top-level domain.
Despite the improvements, global login and interacting with the comments in the iframe probably won't work in private browsing or privacy-enhanced mode in most browsers.
As part of the SSO feature, you can now automatically assign groups to Flarum users based on their WordPress role.
You can now manually force a synchronisation of all posts or users. Useful if you have a lot of data already in WordPress before enabling the integration.
Check out the help page for the commands and the online documentation.
php flarum help kilowhat-wordpress:sync:posts
php flarum help kilowhat-wordpress:sync:usersPreviously, the SSO and Comments features had to be toggled on both Flarum and WordPress side.
In this new version, toggling a feature from the Flarum admin panel will automatically toggle it on WordPress side as well.
Congrats Clark on this major leap forward with the WP-Flarum integration. I will be implementing it on my test site ASAP and likely my main site this weekend, and share any feedback.
For those who are new to this discussion and that are looking for the BEST forum option for a WordPress site: do yourself a huge favor and explore Clark's solution here.
I use it specifically for the SSO capabilities, but not the Comments functions.
Compared to bbpress, Asgaros or WP Foro as "native" Wordpress forums, integrating Flarum with Wordpress results in a much, much nicer discussion platform, that is WAY more modern too.
I also like having a hard split between my "content side" on WP with its plugins, database, theme, etc, and having the "discussion side" entirely separated into another installation, which I can backup independently, etc.
Clark's software easily and nicely integrates the two and I have the forum.sitename.com approach for my setup.
Will report back here with any insights after performing two upgrades by this weekend!
As a quick update, I have been able to successfully update three forum sites to Clark's new 2.0 version of the WordPress Integration software. One is a test site, one is a private forum for a work team to discuss and track team topics, and the 3rd is a forum I recently added to a public content site.
In the process of making the transition from the WP Integration 1.5 to 2.0 setup, I learned some really good lessons and shared those with Clark directly. It sounds like he will add more information to his Update Instructions on his KiloWhat site.
As a preview of those details, the key learnings for my sites were:
update your Flarum site and extensions with Composer first, so that there are no unforeseen other issues to deal with when you follow Clark's update steps to the v2 WP Integration extension. See here: https://docs.flarum.org/update
if you have a Flarum install that uses the /Public directory approach, first migrate your Flarum setup to work without the /Public folder. The essence of making this happen is described in the Customizing Paths info of the Flarum docs pages. Clark's WP Integration software seems to prefer this, and frankly, the Flarum URLs without the /public in it look nicer too. See here: https://docs.flarum.org/install/#customizing-paths
make sure you have a clean Apache (as applicable) rewrite and web server redirect setup in place, so all HTTP and WWW URL activity is redirected to only HTTPS. I found out that I had been sloppy on my webserver CPanel with some options and that a cleaner way is to add some clever code to the .htaccess file directly instead. I used the code from here to do so: https://simonecarletti.com/blog/2016/08/redirect-domain-http-https-www-apache
clear out your entire browser history after removing the Public folder piece, and any redirect changes. That ensures that your browser is not trying to go to URLs that no longer work AFTER you make these changes. I had some browser URL confusion going on, and then it LOOKS like there is still a problem with your Forum still wanting to go to the /Public location, but there really is not.
check that your Flarum site is configured correctly and securely at https://lab.migratetoflarum.com/ and shows you an A+ result. Before I did the things described here, I definitely had exposed folders and URL issues from misconfigured redirects (moving HTTP with WWW to HTTPS with WWW, but not removing the WWW). Anyway, I think it is great that Clark also has the scanner tool available and I find it comforting to see the A+ ratings now, instead of the Ds I had before...
Again, I think Clark will provide expanded upgrade and migration details but wanted to share the summary findings here right away.
As I have stated before, ADDING a Flarum forum to a WordPress site is a REALLY terrific way to get a forum in the mix that uses the WP Login and Accounts to create the SSO setup.
Clark's WordPress Integration software makes it work VERY SMOOTHLY and it marries the best of the WP world with the most modern and highest-performing Forum platform you can easily get going as a site admin.
Wanted to share this information here so anyone who is looking for WordPress Forum Integration with Flarum can benefit from these 5 insights I gained while doing my WPI updates!
Are there any changes to the installation after switching from extiverse.com to Flarum.org?
This point is especially unclear now:
If this is your first premium extension purchase from Extiverse, follow the “Composer configuration” instructions available at https://extiverse.com/premium/subscriptions
On flarum.org there's no “Composer configuration instruction” anymore.
Anomalien there's a button Instructions which helps you generate a token and set up composer to use it. Complete changes and how to move to Flarum.org are here:
https://discuss.flarum.org/d/32812-the-future-of-flarum-in-2023-balancing-open-source-and-success/61
I have issue when trying to install:
In PackageDiscoveryTrait.php line 364:
Could not find a matching version of package kilowhat/flarum-ext-wordpress. Check the package spelling, your version constraint and that the package is available in a stability which matches your minimum-stability (stable).EDIT: I forgot to update the composer.
After installation backoffice is not working because its url pointing to main domain insted of forum.
Must be: ***en.com/forum/backoffice/extension/flamarkt-backoffice
Now: ***en.com/backoffice/extension/flamarkt-backoffice
Also I'm not seeing any wizard.
How to fix it?
Anomalien I am aware there might be a problem with subfolder installation. I have not been able to test yet. There is unfortunately no workaround. Either rollback to 1.x if you haven't run the migrate command yet, or manually change the settings by editing the database. If you ran the migrate command, everything should continue to work as before even if you can't access the settings.
clarkwinkelmann Can you please tell me how I can rollback to 1.x? Also do I need different wordpress plugin (not 2.0) to work with 1.x version?
I'm still confused. So if I have my flarum on domain.com/forum instead of domain.com I can't use the plugin?
I also want to clarify that I did not even go through the wizard tab as nothing appeared. I couldn't set the settings.