About Zapier Community
New to our Community? Get to know more about our space and how to make the most of your time here.

Code of Conduct Community FAQ's Zapier Common Questions What to Expect

Get Started With Zapier
New to Zapier? We have got you covered with our Zapier 101 Resources.

Zapier Essentials

Get Support
Have a question? Let's get you an answer!

How Do I...? Troubleshooting Code & Webhooks Developer Zone

Other Help Resources
Wait, there's more! Check out these Community sourced spaces for additional resources.

Zapier Help Center Hire an Expert

Zapier Reading
All of our best learning resources can be found here.

Featured Articles Show & Tell AI Hub Zapier Tools Hub

Learning Groups
Excited to meet other builders? Check out our interest areas full of doers, dreamers, and in-betweeners.

User Groups

Other Learning Resources
Some of our favorite additional ways to upskill your Zapier knowledge.

Zapier Learn Zapier Blog Zapier Webinars

Product Updates
Check out what is new and upcoming with Zapier with our regular product updates.

Product Updates

Early Access Program
Want to join Early Access? Learn more here.

Question

Zapier Wordpress Integration - 403 Access Error.

  • 23 March 2022
  • 4 replies
  • 1045 views
Beaniie

Hey there, 👋

I hope you are all well. I figured this deserves a post, so here I am.

I've only recently discovered Zapier and the insane possibilities it affords, which is fantastic in and of itself. However, I feel like some pre-built connections are dangerous, such as the one I'll be covering in this post. They shouldn't be the standard solution for anyone not savvy enough to know it might do some serious harm.

In this scenario, I'm talking about the WordPress Integration offered by Zapier. Personally, I was hoping to connect Zapier to my blog in the hopes of setting up some automation for sharing new posts to various social feeds. So, I found the app on Zapier, and there's a template for that, cool right? We will see...

So I set about connecting Zapier and WordPress together. It asks for four things primarily.

  1. Download the Zapier Plugin -> Link Here.
  2. Include your root URL without any slugs -> https://www.example.com/
  3. Include your WordPress username or email -> John Smith
  4. Include the password you use to sign in. -> *******

And boom! - Supposedly, except I ran into the following error;

Authentication failed: WordPress ran into an issue. Error code 403:

Uhuh, typical. (At least in my experience.) nothing ever works the first time, right?

So, I ventured over to community.zapier.com and found a similar issue another Zapier user was facing, linked here. The user expresses that they are also experiencing a 403 error, and they've tried a bunch of fixes, but nothing seems to do the trick.

Support does step in and offer a solution that highlights the precise area I take folly with. Specifically, We need the XML-RPC file to be active; that is how we connect to your WordPress site.

Why do I pick a fight with this part in particular? Well, that's because the XML-RPC file is a relic of the B2 Blogging software, which was forked to make WordPress back in 2003. And it's still there, even though XML-RPC is mainly outdated.

The REST API has superseded XML-RPC. You should disable xmlrpc.php on your site because it introduces security vulnerabilities and can be the target of attacks.

You can read more on this topic on kinsta. Link here.

So why is a Zapier still peddling an archaic solution to a modern problem with modern tools at their disposal? - I suppose that is the question I have in this long post. I'd be eager to hear why XML-RPC is explicitly used and when they plan on updating the process.

I think it's wrong to use such an approach, primarily since 43% of the web uses WordPress. Most WordPress users don't really understand the dangers of using depreciated solutions. I think Zapier also has a responsibility to protect its users from that.

Until then, I think I'll steer clear of connecting my WordPress site to Zapier, at least until they modernise this template.

So, yeah. Sorry about the rant. Felt like I needed to vent a little. 😅

-B

A wise man once said, - "Have you cleared your cache?"
This post has been closed for comments. Please create a new post if you need help or have a question about this topic.

4 replies

Troy Tessalone
Userlevel 7
Badge +14

Hi @Beaniie 

Thanks for sharing.

FYI: Most apps on Zapier are built and maintained by the app developers themselves, altho I’m unsure who owns the WordPress Zap integration (WordPress or Zapier).

Best to submit feedback and feature requests via a ticket to Zapier Support to be logged: https://zapier.com/app/get-help

⚡ Troy Tessalone - AutomationAce.com | Premier Certified Zapier Expert | #1 Zapier Community Contributor
christina.d
Userlevel 7
Badge +9

Hi @Beaniie!

Thanks for taking the time to write up such a thoughtful post!

I did some digging and it appears this response may have been in response to the Legacy version of our WordPress app, which does use a XML-RPC connection. The newer version of our WordPress app does use REST API! That said, it requires a plugin in order to use the integration, which means only users on a paid plan (one that allows for plugin installation) have access. The Legacy version, while it does use an XML-RPC connection, doesn’t have this requirement and can be used by anyone including those using the WordPress hosted accounts.

All of this to say, we’ve kept both versions of the app available so users can choose the integration that works best for them!

I hope the context helps! We appreciate you reaching out. 🤗

Beaniie

Hi @Beaniie!

Thanks for taking the time to write up such a thoughtful post!

I did some digging and it appears this response may have been in response to the Legacy version of our WordPress app, which does use a XML-RPC connection. The newer version of our WordPress app does use REST API! That said, it requires a plugin in order to use the integration, which means only users on a paid plan (one that allows for plugin installation) have access. The Legacy version, while it does use an XML-RPC connection, doesn’t have this requirement and can be used by anyone including those using the WordPress hosted accounts.

All of this to say, we’ve kept both versions of the app available so users can choose the integration that works best for them!

I hope the context helps! We appreciate you reaching out. 🤗

Hi @christina.d,

Thanks for taking the time to do a little more digging and sharing your findings; I appreciate it. 👌

However, while I agree with supporting legacy solutions, I still strongly feel that keeping robust security solutions behind a paywall is a little inappropriate, especially for a platform with such a significant user base as Zapier.

As I eluded to in my post, most WordPress users aren't knowledgeable enough to know that the legacy solution you are pushing is open to attacks. At the very least, a disclaimer should be added during the set-up process, detailing the dangers of using such a process.

If there is a more up to date REST solution, I will do a little digging myself and take a look. Thanks for the update. 😁👍

-B

A wise man once said, - "Have you cleared your cache?"
christina.d
Userlevel 7
Badge +9

Most definitely, @Beaniie. Appreciate you being open to having a dialogue and sharing your candid thoughts! 

I did want to mention the paid plans to install plugins are a WordPress requirement, rather than a Zapier one. That said, the disclaimer is a valid recommendation and I’m happy to pass it along to the team!

Please continue to let us know if you have any questions or feedback. We’re always happy to help. 🙂

Terms & Conditions