This is a Wordpress Plugin that adds JSON endpoints for creating, listing, and deleting sites on multisite.
This plugin aims to be simple to make Wordpress polyglot environments not only possible, but practical. I'm not the best at PHP, Ruby and Go are more my thing, hence why I'm making this API. Contributions are greatly appreciated.
These are a wishlist, please submit a PR for this if you are interested!
- TODO: Add some configuration options.
- TODO: Add
full-stack-test.phpto make a MySQL connection and verify the whole stack loads faster and more efficient than trying to do a full page rendering for your uptime checks.
This is theoretically compatible with PHP 5.4 and higher. However, upgrading to phpunit required that I make tests require PHP 7.2+. So, it's probably still fine to run this on something less than 7.2, but since I can't get working tests on that version, I don't recommend it.
We are currently testing only on php 8.1.
Make sure you limit access to the enpoints! You should not allow any yahoo off the internet to scan your site and look for these endpoints. I highly recommend some sort of .htaccess or nginx configuration settings to deny access to all but the local addresses you use for the API clients.
Something like this maybe:
Apache:
<Location /srv/wordpress/wp-content/plugins/multisite-json-api/endpoints>
DenyFrom All
AllowFrom 127.0.0.0/24 10.0.0.0/8
</Location>
Nginx:
location /wp-content/plugins/multisite-json-api/endpoints {
deny all;
allow 127.0.0.0/24 10.0.0.0/8;
}
Also, as of right now all user names and passwords are passed through HTTP headers. That means SSL is pretty much mandatory.
All of the enpoints require you to authenticate with an existing wordpress user. Currently all require the superadmin role, but that may change.
Username and password are passed with the HTTP headers User and Password respectively. These are plain text so you need to be using SSL (which you are doing already right?).
- URL:
/wp-content/plugins/multisite-json-api/endpoints/create-site.php - Method: POST
- Payload example:
{"email": "[email protected]", "site_name": "awesomeblog", "title": "Awesome Blog", "password":"123456"} - Description: Creates a site. If the email address does not exist this will create a new user with that email address. The
site_nameis the path or subdomain you would like to use, password is optional, if not set will fallback to a random generated one.
- URL:
/wp-content/plugins/multisite-json-api/endpoints/list-sites.php - Method: GET
- Payload example: No payload, only GET variables
- GET Variables: public, spam, archived, deleted
- Description: Lists sites by wordpress tags. All of the variables are boolean 0 or 1, and will list sites where that variable is set to the boolean provided. For example:
?public=1&deleted=0will list all sites that are public but not deleted.
- URL:
/wp-content/plugins/multisite-json-api/endpoints/delete-site.php - Method: DELETE
- Payload example:
{"blog_id": 49, "drop": false} - Description: Deletes a site. If
dropis set totrue, wordpress will remove the site from the database completely. Otherwise, the only thing this does is to set thedeletedattribute on the site totrue.
Used the great Wordpress boiler plate template to get this thing off the ground.
Same as WordPress GPLv2.