An open collection of noteworthy things


How to post to WordPress with Python

For this, we’ll be using the xmlrpc.php file (located at http://yoursite/xmlrpc.php). This may cause a few problems, because this file is sometimes not particularly nice with security. To fix this, we’ll define another vhost in our nginx config – and access it over that only. I’ll be assuming that you’re running the python output on the same machine that you’re running WordPress on, as it’ll mean that we only have to listen on later with nginx, making xmlrpc available on that machine only.  Do note that you don’t have to do this, but it’s probably best that you do. Let’s get to it.

First, let’s just make sure everything’s updated (because why not?):

sudo apt-get update && sudo apt-get upgrade

Make sure python2.7 is installed, if it’s not then:

sudo apt-get install python2.7

It should also install any dependencies. We’re now going to add another vhost and configure it.

Copy your currently functioning nginx config:

sudo cp /etc/nginx/sites-enabled/ /etc/nginx/sites-enabled/

Let’s then edit the newly created one:

sudo nano /etc/nginx/sites-enabled/

You’re now going to want to strip out anything you don’t really need. If you were using SSL, you probably don’t need it here (as there’s not going to be any information flying around outside) – that’ll get rid of a bunch of stuff (like where you define the /paths/to/ssl/certs).

The main thing you’re going to want to change, however, is the server_name your site binds to. Change it to – this’ll allow only that machine (using access to xmlrpc. If you’re running a network, change it to the internal IP of the machine. This’ll allow other machines access, too. If there’s some kind of statement blocking xmlrpc, you’ll want to get rid of that too (as we want it). If there’s a statement in another file (like nginx.conf, par example), that’s globally blocking it, you’ll want to get rid of that and block it on a per-site basis; once you’ve done that, your config should look something like this (this is a quick one I threw up):

server {

   listen 80; # because we're not using an ipv6 loopback address
   server_name; # where you want it to be reachable

   root /var/www/;
   index index.php index.html index.htm;

   ## The rest of your config goes here (+ the PHP stuff too!)


Again, you don’t have to block requests coming to your public-facing domain (to xmlrpc), but you really, really should. You can do that with this little snippet – do this on the public-facing site:

location = /xmlrpc.php {
	deny all;
	access_log off;
	log_not_found off;

Great. That’s the hardest part done. We’re now going to want to create a WordPress user to actually post the stuff. You can use your own WordPress user, but I really, really don’t recommend doing that. Just create a new user (Users>Add New), and change their profile however you’d like – but make sure to give them an Author or Editor role, so that they can publish posts. Note the username and password you set for them, it’ll be needed later.

To post to WordPress, there’s a handy module called xmlrpclib. Example code is shown below:

(get it with wget -O

Great! Now, all we need to do is run python (or whatever you named it), and you’ll see a post automagically appear on your WordPress instance!

If you want to get the script to run automatically every so often, you could create a cronjob 🙂