I hope you are all well. I figured this deserves a post, so here I am.
I've only recently discovered Zapier and the insane possibilities it affords, which is fantastic in and of itself. However, I feel like some pre-built connections are dangerous, such as the one I'll be covering in this post. They shouldn't be the standard solution for anyone not savvy enough to know it might do some serious harm.
In this scenario, I'm talking about the WordPress Integration offered by Zapier. Personally, I was hoping to connect Zapier to my blog in the hopes of setting up some automation for sharing new posts to various social feeds. So, I found the app on Zapier, and there's a template for that, cool right? We will see...
So I set about connecting Zapier and WordPress together. It asks for four things primarily.
- Download the Zapier Plugin -> Link Here.
- Include your root URL without any slugs -> https://www.example.com/
- Include your WordPress username or email -> John Smith
- Include the password you use to sign in. -> *******
And boom! Supposedly, except I ran into the following error:
Authentication failed: WordPress ran into an issue. Error code 403:
Uhuh, typical. (At least in my experience.) Nothing ever works the first time, right?
So, I ventured over to community.zapier.com and found a similar issue another Zapier user was facing, linked here. The user expresses that they are also experiencing a 403 error, and they've tried a bunch of fixes, but nothing seems to do the trick.
Support does step in and offer a solution that highlights the precise area I take folly with. Specifically: "We need the XML-RPC file to be active; that is how we connect to your WordPress site."
Why do I pick a fight with this part in particular? Well, that's because the XML-RPC file is a relic of the B2 Blogging software, which was forked to make WordPress back in 2003. And it's still there, even though XML-RPC is mainly outdated.
The REST API has superseded XML-RPC. You should disable xmlrpc.php on your site because it introduces security vulnerabilities and can be the target of attacks.
You can read more on this topic on kinsta. Link here.
So why is Zapier still peddling an archaic solution to a modern problem with modern tools at their disposal? - I suppose that is the question I have in this long post. I'd be eager to hear why XML-RPC is explicitly used and when they plan on updating the process.
I think it's wrong to use such an approach, primarily since 43% of the web uses WordPress. Most WordPress users don't really understand the dangers of using deprecated solutions. I think Zapier also has a responsibility to protect its users from that.
Until then, I think I'll steer clear of connecting my WordPress site to Zapier, at least until they modernise this template.
So, yeah. Sorry about the rant. Felt like I needed to vent a little.
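An added example, not part of the original post and not Zapier's or WordPress's code: a Python helper for checking, on a site you run, whether `xmlrpc.php` is actually answering or is already being refused with a status such as the 403 above. The names `PROBE`, `classify` and `audit` and all sample responses are constructed for illustration; sending the probe to your own site is left to whatever HTTP client you use.

```python
import xmlrpc.client
from collections import Counter

# Body to POST to https://<your-site>/xmlrpc.php; it only asks which methods exist.
PROBE = xmlrpc.client.dumps((), "system.listMethods")

def classify(status, body):
    """Return (state, methods-per-namespace) for one xmlrpc.php response."""
    if status in (401, 403):
        # Refused by the server, a security plugin or a firewall.
        return "blocked", {}
    if status == 404:
        return "absent", {}
    if status != 200:
        return "unknown", {}
    try:
        params, _ = xmlrpc.client.loads(body)
    except xmlrpc.client.Fault:
        # The endpoint speaks XML-RPC but rejected this call.
        return "answering-with-fault", {}
    except Exception:
        # 200 with a non-XML-RPC body, e.g. an HTML challenge page.
        return "not-xmlrpc", {}
    methods = params[0] if params and isinstance(params[0], list) else []
    namespaces = Counter(m.split(".", 1)[0] for m in methods if isinstance(m, str))
    return "enabled", dict(namespaces)

# Constructed sample responses (not captured from any real site).
_METHODS = ["system.listMethods", "system.getCapabilities", "wp.getUsersBlogs",
            "wp.newPost", "pingback.ping", "metaWeblog.newPost"]
SAMPLES = {
    "enabled": (200, xmlrpc.client.dumps((_METHODS,), methodresponse=True)),
    "blocked": (403, "Forbidden"),
    "fault": (200, xmlrpc.client.dumps(
        xmlrpc.client.Fault(1, "constructed fault"), methodresponse=True)),
    "challenge": (200, "plain text challenge page"),
}

def audit(samples=SAMPLES):
    """Classify every (status, body) pair and return the results by name."""
    return {name: classify(status, body) for name, (status, body) in samples.items()}

if __name__ == "__main__":
    for name, result in audit().items():
        print(f"{name:10} -> {result}")
```

An "enabled" result lists how many methods each namespace exposes, which is the surface you give up by blocking the file and the surface you open by unblocking it for an integration.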