Publishing Connector for Flowra

Plugin Banner

Publishing Connector for Flowra

by sudhanrichardson

Download
Description

Publishing Connector for Flowra is a lightweight infrastructure plugin that securely connects a WordPress site with the Flowra content operations platform.

This plugin allows Flowra to interact with WordPress as a trusted publishing client while respecting WordPress permissions, themes, and existing SEO plugins.

The plugin has no user interface and no settings screen. It exists purely as a secure bridge between Flowra and WordPress.

Features

  • Secure authentication using WordPress Application Passwords
  • OAuth-ready architecture for future connection methods
  • Read posts and pages from WordPress
  • Publish, update, and schedule posts
  • Assign categories and tags
  • Sync SEO metadata from popular SEO plugins:
    • Rank Math
    • Yoast SEO
    • All in One SEO
    • SEOPress
  • No conflicts with existing SEO plugins
  • No background jobs or cron tasks
  • No tracking or data collection

Usage

Once activated, the plugin exposes secure REST API endpoints used by Flowra.

All content creation, publishing, and scheduling actions are performed from the Flowra platform.

There are no WordPress admin pages or settings for this plugin.

Security

  • All API requests require authentication
  • Only users with publishing permissions can access endpoints
  • No data is exposed publicly
  • No credentials are stored by the plugin
  1. Upload the publishing-connector-for-flowra folder to the /wp-content/plugins/ directory
  2. Activate the plugin through the WordPress Plugins screen
  3. Generate a WordPress Application Password for an admin or editor user
  4. Connect your site from the Flowra app using the site URL, username, and application password

1.0.4

  • Added defensive class guards to prevent fatal errors if the legacy, manually-installed “flowra-connector” plugin is active on the same site
  • If the legacy flowra-connector plugin is detected, an admin notice now offers a one-click, user-initiated link to deactivate it (nothing is deactivated automatically)
  • Status endpoint now reports the correct plugin slug

1.0.3

  • Security fix: the /publish permission check used a non-existent “publish_post” per-post capability, which could incorrectly deny (or in some setups mis-evaluate) publish/schedule requests; it now correctly checks the type-wide publish_posts capability
  • Security fix: the /content permission check for status=any now also requires edit_others_posts in addition to read_private_posts, since “any” can include other users’ draft/pending/future posts, not just private ones

1.0.2

  • Security: tightened REST API permission checks on the /publish and /content endpoints so capability requirements match the action actually being performed (publishing/scheduling vs. editing, and private vs. other non-public statuses)
  • Fix: content read endpoint now sets up post data correctly before running the_content filters, avoiding conflicts with themes/plugins that rely on it
  • Hardening: SEO metadata fields are now sanitized before being saved

1.0.0

  • Initial public release
  • Secure Flowra WordPress connector
  • Publishing, scheduling, and SEO metadata sync
  • OAuth-ready architecture
Back to top