How to store a secret for a plugin inside public_html


My friend has a WordPress site; I have a Django server. I am trying to talk to his WordPress site's custom endpoints of the REST API, and do privileged activities like create and unpublish posts. I am making a plugin for him.

My friend's WordPress hosting has the following structure:

    - wp-admin
    - wp-content
        - plugins
            - My-Shiny-New-REST-Plugin
                - secret.php
    - wp-includes

In order for the WordPress REST API and my server to talk together, I wish for them to both have copies of a secret key. On the WordPress site it will be stored in secret.php above. Now what concerns me is that, as far as I can see, PHP code seems to be public (Django Python code is private). And I imagine secret.php is not very secret at all.

How does one store a secret token for one's plugin in a secure way?

run_the_race 2021-07-10T06:17:18-05:00
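Added example, not part of the original question and not the asker's plugin code: one way the secret.php from the layout above can use a shared key without holding it, assuming the host runs .php files through the PHP interpreter (so a direct request returns output, not source) and that the plugin's main file includes this one. The constant `MSNRP_SHARED_SECRET`, the `X-MSNRP-Signature` header, the `msnrp_` function names and the route are hypothetical.

```php
<?php
// secret.php: added example, not the asker's code.
// Stop if the file is requested directly rather than loaded by WordPress.
defined('ABSPATH') || exit;

// Assumption: wp-config.php contains
//   define('MSNRP_SHARED_SECRET', '<long random value>');
// MSNRP_SHARED_SECRET is a hypothetical name. Keeping the value out of the
// plugin directory keeps it out of plugin zips and version control.
function msnrp_secret(): string {
    return defined('MSNRP_SHARED_SECRET') ? (string) MSNRP_SHARED_SECRET : '';
}

// Permission check: the Django side sends hex HMAC-SHA256(raw body, secret)
// in a hypothetical X-MSNRP-Signature header.
function msnrp_check_signature(WP_REST_Request $request): bool {
    $secret = msnrp_secret();
    if ($secret === '') {
        return false; // fail closed when the secret is not configured
    }
    $sent     = (string) $request->get_header('X-MSNRP-Signature');
    $expected = hash_hmac('sha256', $request->get_body(), $secret);
    return hash_equals($expected, $sent); // constant-time comparison
}

add_action('rest_api_init', function () {
    // Hypothetical route: POST /wp-json/msnrp/v1/posts/<id>/unpublish
    register_rest_route('msnrp/v1', '/posts/(?P<id>\d+)/unpublish', [
        'methods'             => 'POST',
        'permission_callback' => 'msnrp_check_signature',
        'callback'            => function (WP_REST_Request $request) {
            $id = wp_update_post(
                ['ID' => (int) $request['id'], 'post_status' => 'draft'],
                true // return WP_Error on failure
            );
            return is_wp_error($id) ? $id : ['unpublished' => $id];
        },
    ]);
});
```

The signature here covers only the request body, so a captured request could be replayed; adding a timestamp or nonce to the signed data and rejecting stale values would close that gap.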
