7 Comments


  1. Looks very cool – Let’s hope this can’t easily be used for evil. Not sure of the implications as HookPress can make calls on WP native, PHP, Python scripts, etc. Assume the WP nonce stuff stops any bad stuff? We’ve already seen crafty URLs doing annoying stuff to our passwords.

    Of course it’s also nice to see him using BBEdit :)


  2. I think it can serve its purpose. Don’t know if the plugin itself is that useful but the webhooks idea is kind of cool. But then it would be more like opening up hooks in WordPress for other services rather than WordPress consuming other hooks.


  3. I don’t think HookPress can use WP nonces, since the “web hooks” are not managed by WP.

    So, unless the web hook is controlled by you, there’s no layer of security.


  4. The concept sounds great, but the more I think of it, the less I find any actual use. Relying on the HTTP system for actions and filters also has some problems for security and stability of the website.

    My biggest problem may be that I just don’t have enough knowledge with the entire webhooks concept since I, a person who thinks that WordPress is great as a web application development framework, am having a hard time coming up with a valid use.


  5. I wrote about HookPress a few weeks ago, and I think the idea has some potential uses. Mainly, though, I think it might be useful for someone who just isn’t familiar enough with WordPress and/or PHP to write their own plugins directly, or for someone who already has an external event service set up and available via HTTP. But also, if enough stand-alone services pop up using the webhooks idea, it could catch on for certain tasks.

    Granted, it’s not something that tons of people are bound to use for lots of tasks, but I can definitely see it being a really quick way to let WordPress events trigger external scripts, rather than writing a full-blown custom plugin, and dealing with the extra memory and blocking time, or having to re-invent the wheel every time.

    I think if you read Anil’s Pushbutton Web post, the key point is that this concept “pushes complexity to the hub”.


  6. Thanks for the coverage! ^^

    Re: security. As has been stated above, these POST requests don’t rely on WP nonces or such at all. On the other hand, since HookPress can only display the response of the webhook, no additional damage can be done—you can’t, for example, build a webhook which then instructs HookPress to clear the database or anything. Moreover, as you control which fields are being sent to the webhook, it is ultimately up to the user to control its use and security.


  7. I think what I need to do is look more into the concept of Webhooks itself and then come back and review the plugin/idea as then I’ll have a better understanding of how useful this could be. Keep up the great work on the YARPP plugin!
