We’re launching some significant connection improvements today, which ensures a reliable connection between our server and your site(s). This change doesn’t just guarantee an easy-to-use site wizard, but also sets us up for what’s coming next. Read on to find out.
The Problem
Several security plugins disable WordPress application passwords and REST API as a security measure by default, making some of our users think that something might be wrong at our end. We needed to cut that confusion in a way that would be beneficial for our users, but at the same time gives us a ground to build infrastructure for something that’s yet to come.
Plugins like Wordfence and iThemes security tend to disable these features which were needed previously for connecting Stalkfish to your sites. We have been making some changes to ensure those dependencies are a thing of the past.
The Solution
Starting today, neither Application passwords nor REST API is needed. Instead, we’ve added some custom endpoints in the plugin through which our Stalkfish app will communicate. Note that you’ll need to update the Stalkfish plugin on your sites to v1.2.0 for this to work.
Exposing a custom endpoint to request or send data also meant we had to take some security measures. We’ve been researching the most optimal method to do that and ended it with the use of public and private keys. Any request made from the app is signed by the private key and is only accepted on your site when the public key successfully validates it, if not the request is rejected.
What’s next?
Revamping connection improvements was also part of a bigger work which sets the groundwork for us. Behind the scenes, we’re working on introducing the site update management in Stalkfish. In future, Stalkfish would allow you to manage the site, themes, and plugin updates from a single dashboard where you can update your sites with ease.
Be sure to check our roadmap, for what else we’re planning and to log your custom feature requests.