A Micropub server plugin.

Author:IndieWeb WordPress Outreach Club (profile at wordpress.org)
WordPress version required:4.9.9
WordPress version tested:5.5.1
Plugin version:2.2.3
Added to WordPress repository:13-02-2015
Last updated:05-02-2020
Rating, %:100
Rated by:3
Plugin URI:https://github.com/snarfed/wordpress-micropub
Total downloads:10 093
Active installs:400+
plugin download
Click to start download

Micropub is an open API standard that is used to create posts on your site using third-party clients. Web apps and native apps (e.g. iPhone, Android)
can use Micropub to post short notes, photos, events or other posts to your own site, similar to a Twitter client posting to Twitter.com.

Once you’ve installed and activated the plugin, try using Quill to create a new post on your site. It walks you through the steps and helps you troubleshoot if you run into any problems. A list of known Micropub clients are available here

Supports the full W3C Micropub CR spec as of version 2.0.0.

As this allows the creation of posts without entering the WordPress admin, it is not subject to any Gutenberg compatibility concerns per se. Posts created will not have Gutenberg blocks
as they were not created with Gutenberg, but otherwise there should be no issues at this time.

Available in the WordPress plugin directory at wordpress.org/plugins/micropub.


This project is placed in the public domain. You may also use it under the CC0 license.


Supports the following scope parameters requested by Micropub clients.
* create – Allows the client to create and publish posts on behalf of the user
* draft – Allows the client to create drafts on behalf of the user but not publish them
* update – Allows the client to update posts on behalf of the user
* delete – Allows the client to undelete/delete posts on behalf of the user
* media – Supports uploading media for the media endpoint, but create or update also give media upload permissions

WordPress details

Filters and hooks

Adds nine filters:

before_micropub( $input )

Called before handling a Micropub request. Returns $input, possibly modified.

micropub_post_content( $post_content, $input ) 

Called during the handling of a Micropub request. The content generation function is attached to this filter by default. Returns $post_content, possibly modified.

micropub_post_type( $post_type = 'post', $input )

Called during the creation of a Micropub post. This defaults to post, but allows for setting Micropub posts to a custom post type.

micropub_tax_input( $tax_input, $input )

Called during the creation of a Micropub post. This defaults to nothing but allows for a Micropub post to set a custom taxonomy.

micropub_syndicate-to( $synd_urls, $user_id )

Called to generate the list of syndicate-to targets to return in response to a query. Returns $synd_urls, an array, possibly modified. This filter is empty by default

micropub_query( $resp, $input )

Allows you to replace a query response with your own customized version to add additional information

micropub_suggest_title( $mf2 )

Allows a suggested title to be generated. This can be used either to generate the post slug or for individuals who want to use it to set a WordPress title

indieauth_scopes( $scopes )

This returns scopes from a plugin implementing IndieAuth or from the internal IndieAuth code. This filter is empty by default.

indieauth_response( $response )

This returns the token auth response from a plugin implementing IndieAuth or from the internal IndieAuth code. This filter is empty by default.

…and two hooks:

after_micropub( $input, $wp_args = null)

Called after handling a Micropub request. Not called if the request fails (ie doesn’t return HTTP 2xx).

micropub_syndication( $ID, $syndicate_to )

Called only if there are syndication targets $syndicate_to for post $ID. $syndicate_to will be an array of UIDs that are verified as one or more of the UIDs added using the micropub_syndicate-to filter.


  • $input: associative array, the Micropub request in JSON format. If the request was form-encoded or a multipart file upload, it’s converted to JSON format.
  • $wp_args: optional associative array. For creates and updates, this is the arguments passed to wp_insert_post or wp_update_post. For deletes and undeletes, args['ID'] contains the post id to be (un)deleted. Null for queries.


Stores microformats2 properties in post metadata with keys prefixed by mf2_. Details here. All values are arrays; use unserialize() to deserialize them.

Does not support multithreading. PHP doesn’t really either, so it generally won’t matter, but just for the record.

Supports Experimental Extensions to Micropub:
* Post Status – Either published or draft
* Visibility – Either public or private.
* Location Visiblity – Either public, private, or protected
* Query for Post List – Supports query for the last x number of posts.
* Query for Supported Queries – Returns a list of query parameters the endpoint supports
* Query for Supported Properties – Returns a list of which supported experimental properties the endpoint supports so the client can choose to hide unsupported ones.
* Discovery of Media Endpoint using Link Rel – Adds a link header for the media endpoint
* Last Media Uploaded – Supports querying for the last image uploaded …set to within the last hour

If an experimental property is not set to one of the noted options, the plugin will return HTTP 400 with body:

  "error": "invalid_request",

WordPress has a whitelist of file extensions that it allows in uploads. If you upload a file in a Micropub extension that doesn’t have an allowed extension, the plugin will return HTTP 400 with body:

  "error": "invalid_request",
  "error_description": "Sorry, this file is not permitted for security reasons."
}<h3>Authentication and authorization</h3>

For reasons of security it is recommended that you only use this plugin on sites that implement HTTPS.

Supports the full OAuth2/IndieAuth authentication and authorization flow. Defaults to IndieAuth.com. Custom auth and token endpoints can be used by overriding the MICROPUB_AUTHENTICATION_ENDPOINT
and MICROPUB_TOKEN_ENDPOINT endpoints or by setting the options indieauth_authorization_endpoint and indieauth_token_endpoint.

If you want to use your own site as an IndieAuth endpoint, you can activate the IndieAuth plugin which is recommended but not required. You can disable the authentication in favor of an alternative plugin.
This can be done by removing the loading of the auth flow or setting MICROPUB_LOCAL_AUTH to 1.

remove_action( 'plugins_loaded', 'load_micropub_auth', 20 ); 

If the token’s me value matches a WordPress user’s or author post URL, that user will be used. If there is only one site author that will be matched otherwise.

Configuration Options

These configuration options can be enabled by adding them to your wp-config.php

  • define('MICROPUB_AUTHENTICATION_ENDPOINT', 'https://indieauth.com/auth') – Define a custom authentication endpoint. Can be overridden in the settings interface
  • define('MICROPUB_TOKEN_ENDPOINT', 'https://tokens.indieauth.com/token') – Define a custom token endpoint. Can be overridden in the settings interface.
  • define('MICROPUB_NAMESPACE', 'micropub/1.0' ) – By default the namespace for micropub is micropub/1.0. This would allow you to change this for your endpoint
  • `define(‘MICROPUB_DISABLE_NAG’, 1 ) – Disable notices for insecure sites
  • `define(‘MICROPUB_LOCAL_AUTH’, 1 ) – Disable built in AUTH in favor of your own plugin.

These configuration options can be enabled by setting them in the WordPress options table.
* indieauth_authorization_endpoint – if set will override MICROPUB_AUTHENTICATION_ENDPOINT for setting a custom endpoint
* indieauth_token_endpoint – if set will override MICROPUB_TOKEN_ENDPOINT for setting a custom endpoint
* micropub_default_post_status – if set, Micropub posts will be set to this status by default( publish, draft, or private ). Can also be set on the settings page.


The canonical repo is http://github.com/indieweb/wordpress-micropub . Feedback and pull requests are welcome!

To add a new release to the WordPress plugin directory, tag it with the version number and push the tag. It will automatically deploy.

To set up your local environment to run the unit tests and set up PHPCodesniffer to test adherence to WordPress Coding Standards and PHP 5.3 Compatibility:

  1. Install Composer. Composer is only used for development and is not required to run the plugin.
  2. Run composer install which will install PHP Codesniffer, PHPUnit, the standards required, and all dependencies.

To configure PHPUnit

  1. Install and start MySQL. (You may already have it.)
  2. Run ./bin/install-wp-tests.sh wordpress_micropub_test root '' localhost to download WordPress and its unit test library, into /tmp and ./temp by default, and create a MySQL db to test against. Background here. Feel free to use a MySQL user other than root. You can set the WP_CORE_DIR and WP_TESTS_DIR environment variables to change where WordPress and its test library are installed. For example, I put them both in the repo dir.
  3. Open wordpress-tests-lib/wp-tests-config.php and add a slash to the end of the ABSPATH value. No clue why it leaves off the slash; it doesn’t work without it.
  4. Run phpunit in the repo root dir. If you set WP_CORE_DIR and WP_TESTS_DIR above, you’ll need to set them for this too. You should see output like this:



    1 / 1 (100%)
    Time: 703 ms, Memory: 33.75Mb
    OK (1 test, 3 assertions)

To set up PHPCodesniffer to test adherence to WordPress Coding Standards and PHP 5.3 Compatibility:

  1. To list coding standard issues in a file, run phpcs --standard=phpcs.xml
  2. If you want to try to automatically fix issues, run phpcbf with the same arguments as phpcs.

To automatically convert the readme.txt file to readme.md, you may, if you have installed composer as noted in the previous section, enter composer update-readme to have the .txt file converted
into markdown and saved to readme.md.