=== WAC POST === Contributors: desarrollowac Tags: rest-api, seo, yoast, rankmath, posts Requires at least: 5.0 Tested up to: 6.9 Stable tag: 4.1.3 Requires PHP: 7.0 License: GPL-2.0-or-later License URI: https://www.gnu.org/licenses/gpl-2.0.html The WAC POST plugin registers secure endpoints to create and manage posts from the WeAreContent platform with full SEO integration. == Description == The **WAC POST** plugin provides a robust integration between the WeAreContent platform and WordPress sites. It registers two specialized REST API endpoints designed for secure, high-performance content delivery. These endpoints are strictly protected by a three-layer security model: 1. **IP Whitelisting:** Access is only granted to authorized IP addresses (local and remote dynamic lists). 2. **Application Key:** Every request must include a valid `X-WACPO-App-Key` header. 3. **Role Validation:** Only users with Editor or Administrator permissions can execute the operations. **Available Endpoints:** * `POST /wp-json/wac/v2/create-and-seo-post`: Create new posts including featured images, secondary media, and full SEO metadata. * `POST /wp-json/wac/v2/postsys`: Update SEO metadata and keywords for existing posts. == External Services == This plugin relies on external services provided by WeAreContent to ensure secure integration and media processing. By using this plugin, you acknowledge and agree to the terms of these third-party services: 1. **WeAreContent Auth-IP List:** - **Service:** A remote security list hosted at app.wearecontent.com. - **Purpose:** Provides a dynamic list of authorized MD5 IP hashes to secure REST API endpoints via IP Whitelisting. - **Data processed:** The plugin only fetches security hashes from the server; no user or website data is transmitted to WeAreContent during this process. - **Terms of Service:** https://www.wearecontent.com/terminos-y-condiciones - **Privacy Policy:** https://www.wearecontent.com/tratamiento-de-datos 2. **WeAreContent Media Server:** - **Service:** A dedicated media hosting platform (files.wearecontent.com). - **Purpose:** Allows the plugin to download and sideload featured images and extra media assets directly into the WordPress library. - **Data processed:** The plugin performs a secure download of media files to the local server; no personal user data is sent to the external host. - **Terms of Service:** https://www.wearecontent.com/terminos-y-condiciones - **Privacy Policy:** https://www.wearecontent.com/tratamiento-de-datos == Features == * **Secure REST Endpoints:** Dedicated points for content creation and metadata updates. * **IP Security & Proxy Support:** Advanced detection of real client IPs behind Cloudflare, Nginx, or other proxies. * **Custom Authentication:** Secure header-based validation via a unique Application Key. * **SEO Integration:** Automatic mapping of metadata for both **Yoast SEO** and **RankMath SEO**. * **Automated Media Management:** Downloads and attaches featured images and in-content media from authorized hosts. * **Smart Taxonomy Handling:** Automatically creates categories and tags if they do not exist on the site. * **Privacy Ready:** Includes suggested text for the site's privacy policy regarding technical data processing. * **Translation Ready:** Fully internationalized with support for multiple locales. == Installation == 1. Upload the plugin folder to the `/wp-content/plugins/` directory, or install the plugin through the WordPress plugins screen directly. 2. Activate the plugin through the 'Plugins' screen in WordPress. 3. Go to **Settings > WAC Post** to configure your application key, IP whitelist, and image server. == Frequently Asked Questions == = How is endpoint security guaranteed? = Access is restricted by three layers: a custom Application Key (`X-WACPO-App-Key`), IP address validation (via local and remote whitelists), and user capability checks (Editor or Admin). = Which SEO plugins are supported? = The plugin automatically detects and maps SEO titles, descriptions, and focus keywords for **Yoast SEO** and **RankMath SEO**. = Is it safe for the plugin to download external images? = Yes. The plugin uses a whitelist of allowed hosts (e.g., `files.wearecontent.com`), validates MIME types, and checks file sizes before processing and adding them to the library. = Does the plugin handle data privacy? = Yes. It includes a privacy policy content generator to inform users about technical data processing and authorized external connections. = What happens if a post category does not exist? = The plugin will automatically create the category or tag using the name or slug provided in the REST request. == Screenshots == 1. WAC Post settings page where security , IP whitelist and image server. == Changelog == = 4.1.3 = * Added management menu in the admin dashboard. * Implemented full internationalization (i18n) support. * Optimized security logic and code standards for WordPress.org compliance. = 4.1.2 = * Added support for detecting real client IP behind proxies/CDN (Cloudflare, Nginx, etc.). * Added support for RankMath SEO integration. * Improved logging for IP detection debugging. = 4.1.1 = * Added IP restrictions and dynamic remote validation. = 1.0.0 = * Initial plugin release.