=== WP Setu - WordPress API Gateway === Contributors: vijayatech Tags: api, rest, automation, n8n, pabbly, make, zapier, webhook Requires at least: 6.0 Tested up to: 6.8 Stable tag: 1.1.1 Requires PHP: 7.4 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html
Seamlessly connect WordPress with external automation tools through secure REST API endpoints.
== Description ==
WP Setu (meaning "bridge" in Sanskrit) is a powerful WordPress plugin that acts as a gateway between your WordPress site and external automation tools like n8n, Pabbly Connect, Make (formerly Integromat), Zapier, and other webhook-based services.
= Key Features =
- Upload Media from URLs - Directly upload images and files from external URLs to your WordPress Media Library
- Create Posts Programmatically - Create posts, pages, and custom post types via REST API
- List Available Post Types - Get information about all available post types for integration
- Secure by Design - Built with WordPress security best practices and input validation
- Flexible Authentication - Supports both dedicated API keys and standard WordPress authentication.
- Granular Control - Enable or disable the entire API or individual endpoints from the settings page.
- Developer Friendly - Clean, well-documented code following WordPress coding standards
= Use Cases =
- Automatically import content from external sources
- Create posts from form submissions on other platforms
- Sync content between multiple WordPress sites
- Integrate with e-commerce platforms for product creation
- Build custom publishing workflows with external tools
= API Endpoints =
The plugin provides three main REST API endpoints:
POST /wp-json/setu/v1/upload-media- Upload media from external URLsPOST /wp-json/setu/v1/create-post- Create posts of any typeGET /wp-json/setu/v1/post-types- Get available post types
= Security Features =
- Input sanitization and validation
- File type checking for uploads
- User permission verification
- URL validation to prevent SSRF attacks
- Request logging for security auditing
== Installation ==
- Upload the plugin files to the
/wp-content/plugins/wp-setudirectory, or install the plugin through the WordPress plugins screen directly. - Activate the plugin through the 'Plugins' screen in WordPress
- The REST API endpoints are immediately available after activation
- Use your preferred automation tool to connect to the endpoints
== Frequently Asked Questions ==
= How do I authenticate API requests? =
The plugin provides two primary methods for authentication:
- API Keys (Recommended for External Tools): From the plugin's "Authentication" settings tab, you can generate dedicated API keys. These are ideal for services like n8n, Pabbly, and Make, as they are independent of user accounts. The key should be sent in the
Authorizationheader as aBearertoken. - Standard WordPress Authentication: The plugin also supports any standard WordPress authentication method, such as Application Passwords or cookie authentication for logged-in users. This is treated as a fallback if no API key is provided.
= What file types can I upload via the media endpoint? =
The plugin respects WordPress's allowed file types setting. By default, this includes common image formats (JPEG, PNG, GIF, WebP) and other media files allowed by your WordPress installation.
= Can I create custom post types? =
Yes! The plugin can create posts of any registered post type, including custom post types created by themes or other plugins.
= Is the plugin secure? =
Yes, security is a top priority. The plugin includes:
- Comprehensive input validation and sanitization
- File type and size checking
- User permission verification
- Protection against common attacks like SSRF and XSS
== Changelog ==
- Refactored the
create-postendpoint to extend the core WordPress REST API controller. It now supports all native post parameters (e.g.,tags,categories,meta) while retaining its customfeatured_media_urlfunctionality. - Improved error logging for the
create-postendpoint to clearly distinguish between WP Setu media handling errors and core WordPress errors.
- A dedicated API Key authentication system, which is the recommended method for external services.
- A comprehensive settings panel with a tabbed interface for General, API Control, Security, and Authentication.
- A master switch to enable or disable all API endpoints globally.
- Individual controls to enable or disable each specific API endpoint.
- The
X-Setu-Auth-Methodheader is now included in all successful API responses to show how the request was authenticated.
- Resolved several bugs related to authentication, settings management, and response headers.
- Modifications to
upload-mediaandcreate-postendpoints.
- Upload media from external URLs
- Create posts programmatically
- List available post types
- Security improvements and WordPress coding standards compliance
- Comprehensive error handling and validation
- Media upload functionality issues
== Upgrade Notice ==
= 1.1.1 =
This version enhances the create-post endpoint to support all native WordPress post parameters, making it much more powerful. The update is backward-compatible.
= 1.1.0 = This is a major feature release that introduces a dedicated API key system, a full settings panel for granular control over endpoints, and numerous bug fixes. It is highly recommended to update.
= 1.0.2 =
This version includes updates to the upload-media and create-post endpoints.
= 1.0.0 = Initial stable release with secure REST API endpoints for WordPress automation.
== Developer Information ==
= Company: atharva Labs =
- Website: https://wpsetu.com
- Support: namaste@wpsetu.com
- Product Page: https://wpsetu.com/
= Hooks and Filters =
The plugin provides several hooks for developers:
setu_media_uploaded- Fired after successful media uploadsetu_post_created- Fired after successful post creationsetu_api_request_logged- Fired when API requests are logged
= Contributing =
We welcome contributions! Please ensure your code follows WordPress coding standards and includes appropriate security measures.