Exposing a web service through WordPress

I’m creating a new plugin for WordPress that requires an outside website to use a web service. For instance, if there are two sites, A and B, the plugin will be installed on A with all associated data stored in the WordPress database for Site A. Site B will use the web service to grab data in XML format from Site A.

Is this possible? What would be the most secure way of pulling this off?

I could just have the web service as a PHP file in my plugin, but that’s going to require the outside domain to hit something like:
http://www.example.com/wp-content/plugins/plugin-folder/web-service.php. It seems like a bad idea to expose the level of depth of the WordPress setup.

I could have my plugin create a few files in the root so that the web service call would be to http://www.example.com/web-service.php, but having my plugin install stuff outside of the plugin directory also seems like a bad practice.

Another thought: Could I put the file in my plugin folder, but add a line in the .htaccess file to make http://www.example.com/web-service.php go to it?

What is the best, most secure way to go about this?

2 comments

  1. I would set up a rewrite rule in .htaccess to let the user get to your code without knowing where it is. I don’t think there is an easy way to add specific routes to the WordPress front controller, but you could see if there is an action or filter to do that.

    Here’s a post on adding routes: How can I create custom URL routes?

  2. In my personal opinion, if I installed a WP plugin and you created a new file in my root directory, I would either delete the file or the plugin altogether. I would also try to avoid adding a .htaccess file. This would again make me suspicious.

    What I would do is, upon install, ping a file on Site B (your site) that captures the location of the plugin folder on Site A (their site), because WP might be installed inside of a directory and not at the root. Then you know where the “web-service.php” file is located. Then you can just hit that file whenever you need. There is no reason for .htaccess rules, or creation of new files.

    Just a suggestion 🙂
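
The route idea from the first comment, as an added example that is not part of the original thread: the plugin registers a rewrite rule through WordPress's rewrite API so the service answers at a root-level URL without revealing the plugin path, and it rejects callers that do not present a shared key. The `/web-service` path, the `example_ws` query var, the `example_ws_key` option, the `X-Api-Key` header and the use of recent post titles as the payload are all assumptions made for illustration.

```php
<?php
/* Plugin Name: Example XML Endpoint (hypothetical added example) */

// Hypothetical names: /web-service path, example_ws var, example_ws_key option.
function example_ws_add_rule() {
    // Route the public URL through index.php so the plugin path stays hidden.
    add_rewrite_rule('^web-service/?$', 'index.php?example_ws=1', 'top');
}
add_action('init', 'example_ws_add_rule');

add_filter('query_vars', function ($vars) {
    $vars[] = 'example_ws'; // allow get_query_var() to see the var
    return $vars;
});

register_activation_hook(__FILE__, function () {
    example_ws_add_rule();
    flush_rewrite_rules(); // rules are cached; rebuild once on activation
    // Assumption: one random shared key, handed to Site B out of band.
    add_option('example_ws_key', wp_generate_password(40, false));
});

add_action('template_redirect', function () {
    if (!get_query_var('example_ws')) {
        return; // a normal page request, not the service
    }
    $sent = isset($_SERVER['HTTP_X_API_KEY']) ? (string) $_SERVER['HTTP_X_API_KEY'] : '';
    $key  = (string) get_option('example_ws_key', '');
    // Constant-time comparison; refuse everything if no key is configured.
    if ($key === '' || !hash_equals($key, $sent)) {
        status_header(403);
        exit;
    }
    $xml = new XMLWriter(); // escapes text and attribute values
    $xml->openMemory();
    $xml->startDocument('1.0', 'UTF-8');
    $xml->startElement('items');
    foreach (get_posts(array('numberposts' => 10)) as $post) {
        $xml->startElement('item');
        $xml->writeAttribute('id', (string) $post->ID);
        $xml->text($post->post_title);
        $xml->endElement();
    }
    $xml->endElement();
    $xml->endDocument();
    nocache_headers(); // keep keyed responses out of shared caches
    header('Content-Type: application/xml; charset=UTF-8');
    echo $xml->outputMemory();
    exit;
});
```

Because the key travels in a request header, Site B should call the endpoint over HTTPS only.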