WordPress

Available · Tier 1

One of the cleanest integrations we ship. WordPress’s REST API is mature, scoped Application Passwords don’t expire, and the SEO-plugin ecosystem (Yoast, RankMath, AIOSEO) gives us a standard place to put meta + JSON-LD. We auto-detect which plugin you have and route metadata accordingly.

How it works

SEORAV authenticates with an Application Password — a 24-character token WordPress generates per-user, per-app, scoped to a single account. We POST to /wp-json/wp/v2/postswith the article body, slug, status, categories, tags, and featured-media id. SEO metadata is written through the active plugin’s meta keys (Yoast / RankMath / AIOSEO) so the rest of your site continues working exactly as before.

On the way back we read the response’s link field and treat that as the live URL — we re-fetch it to score the rendered HTML against the 17-check verifier. Your post-publish dashboard shows the scrape diff: what we sent, what made it onto the page.

What we support

Feature	Supported	Notes
Publish + update + unpublish	Yes	Full CRUD via /wp-json/wp/v2/posts.
Native scheduling	Yes	date_gmt set; WP-Cron handles flip to "publish" at the scheduled time.
Draft mode	Yes	status: "draft" — review in your WP admin before going live.
Featured image upload	Yes	Hero image uploaded to /wp-json/wp/v2/media first, id attached to the post.
Categories & tags	Yes	Resolve to existing IDs by name; create on the fly when a name is new.
JSON-LD in <head>	Yes	Yoast / RankMath / AIOSEO if present; falls back to a tiny custom code injection helper.
Meta title + description	Yes	Plugin-specific meta keys; we detect the active SEO plugin during connect.
Canonical URL	Yes	Yoast canonical OR <link rel="canonical"> via custom code.
Author mapping	Partial	We send the author id if you set the SEORAV author slug to match a WP user. Otherwise the API user is used.
Custom post types	Partial	Default is "post". Configure a different post type in adapter_metadata.cpt_slug if you publish to a custom blog type.
Multisite networks	Partial	Connect each subsite as its own SEORAV integration. We don't handle multi-site at the network level.
Articles + FAQ pages	Yes	Publishes not only blog articles but also FAQ / answer-engine pages. One connection per content type — many teams point the article connection at the default "post" type and the answer-page connection at a custom post type (e.g. "faq") via adapter_metadata.cpt_slug.

One connection per content type

WordPress connections are scoped to a single content type. To publish both long-form articles AND FAQ / answer-engine pages, add two WordPress connections — one for articles, one for answer pages. The same Application Password works for both; point each at a different post type (e.g. post for articles, a custom faq CPT for answer pages) so the two surfaces stay separate in the admin.

Setup

1
Create an Application Password
In WordPress: Users → Profile → Application Passwords. Type a name like SEORAV and click Add New Application Password. WordPress will reveal a 24-character token — copy it now, the screen is the only place it’s ever shown in plaintext.
Application Passwords are scoped per-user — the publishing capability comes from the user account, not the password. Use a user with the Editor role at minimum (or Administrator if you also need to upload media).
2
Confirm REST API is reachable
In your browser, open https://yoursite.com/wp-json/. You should see a JSON response describing your site. If you get a 404, permalinks are wrong: go to Settings → Permalinksand pick anything other than “Plain”.
Some hardening plugins (WordFence, iThemes Security) block REST API for unauthenticated calls — check the plugin’s “REST API” section and allow at least /wp-json/wp/v2/posts with auth.
3
Connect inside SEORAV
Go to Integrations → Connect → WordPress. Paste:
• Site URL — the root of your blog (no trailing slash)
• Username — the WP user the application password belongs to
• Application password — the 24-character string from step 1, with or without spaces
4
Probe runs automatically
Our probe checks: REST API reachable, auth works, SEO plugin detected, user can publish_posts and upload_files. Any blocker fails the connect step with a specific remediation.
If the probe finds neither Yoast / RankMath / AIOSEO it warns you that meta + JSON-LD will fall back to inline body insertion — works, but uglier. Install one of the SEO plugins to get the “real” behaviour.

What we send to your blog

For each approved article, we make up to two requests: optionally upload the featured image to /wp-json/wp/v2/media, then POST the post.

The post request

http

POST https://yourblog.com/wp-json/wp/v2/posts
Authorization: Basic YWRtaW46eHh4eCB4eHh4IHh4eHggeHh4eA==
Content-Type: application/json

{
  "title":   "How to choose a reverse-osmosis system in 2026",
  "slug":    "how-to-choose-reverse-osmosis-system-2026",
  "status":  "publish",
  "content": "<h2>What you actually need to know</h2><p>…</p>",
  "excerpt": "Membrane stages, recovery rate, remineralisation — the only three specs that matter.",
  "categories": [12],
  "tags":       [108, 224, 511],
  "featured_media": 8431,
  "meta": {
    "_yoast_wpseo_title":     "Reverse osmosis · the 3 specs that matter (2026)",
    "_yoast_wpseo_metadesc":  "Membrane stages, recovery rate, remineralisation. Plain-English …",
    "_yoast_wpseo_canonical": "https://yourblog.com/blog/how-to-choose-reverse-osmosis-system-2026"
  }
}

A successful response

json

HTTP/1.1 201 Created
{
  "id":     12459,
  "date":   "2026-04-27T08:00:00",
  "slug":   "how-to-choose-reverse-osmosis-system-2026",
  "status": "publish",
  "link":   "https://yourblog.com/2026/04/how-to-choose-reverse-osmosis-system-2026/",
  "title":  { "rendered": "How to choose a reverse-osmosis system in 2026" },
  "content":{ "rendered": "<h2>What you actually need to know</h2>…" },
  "_links": { "self": [ { "href": "…/wp/v2/posts/12459" } ] }
}

Per-plugin meta keys we write

Property	Type	Description
Yoast SEO	plugin	`_yoast_wpseo_title`, `_yoast_wpseo_metadesc`, `_yoast_wpseo_canonical`, `_yoast_wpseo_focuskw`
RankMath	plugin	`rank_math_title`, `rank_math_description`, `rank_math_canonical_url`, `rank_math_focus_keyword`
All-in-One SEO	plugin	`_aioseo_title`, `_aioseo_description`, `_aioseo_canonical_url`
No plugin	fallback	JSON-LD blocks injected into the post content as the first element. Render works; head injection requires a plugin.

Publishing options

Auto-publish

The default. As soon as you approve in SEORAV, we POST with status: "publish". Article goes live immediately on the URL WordPress assigns based on your permalink structure.

Scheduled

Set a future date in the SEORAV calendar; we send status: "future" with date_gmtset. WP-Cron flips it to "publish" at the scheduled minute. WP-Cron only fires on traffic — if your blog is dead-quiet, pings won’t happen on time. Solution: install a real cron job that hits wp-cron.php every five minutes.

Draft

For human review pre-publish. We send status: "draft"; the post appears in Posts → All Posts → Drafts. Approve in WP admin to publish.

Activity timeline · what you’ll see

A typical first publish — including the featured-image upload — looks like this in your connection’s activity feed:

Activity timeline · what shows up in your dashboard

job_queuedidempotency_key=8b3c…
adapter_requestPOST/wp-json/wp/v2/media (upload featured image)
adapter_response2011.4smedia_id=8431
adapter_requestPOST/wp-json/wp/v2/posts
adapter_response201612mspost_id=12459
verify_startGET https://yourblog.com/2026/04/how-to-…
verify_complete200243msscore 94/100 · 16 of 17 checks passed
job_succeededVerifier note: og_image not on yourblog.com domain

After publishing — make it shine

Re-host the og:image on your domain

WordPress sets og:image to the featured-media URL by default — that's on your domain, perfect. But if you're using a CDN (Cloudflare, Bunny), make sure the image is cached so social validators don't timeout fetching it.

Add a related-posts block

WordPress’s default theme doesn’t cross-link articles. Use a plugin like YARPP or Contextual Related Posts — internal links lift dwell time and pass authority to new content.

Submit to Bing & IndexNow

Install IndexNow Plugin (free, by Bing). It auto-pings IndexNow on every publish — same crawl-trigger network we use for our own sites.

Verify Yoast/RankMath schema

Open the article in your WP editor → SEO panel → check that the Schema preview shows both Article + FAQPage (when our content has FAQ blocks). If only Article shows up, the plugin’s “article schema” setting needs to be enabled.

Pin to your blog index

If the article is part of a content hub, set it as the category’s “sticky” post. Hub-and-spoke architecture compounds — readers and Googlebot both follow the spokes back to the hub.

Watch for low scores in Activity

Scores below 80 mean a check failed silently. Click the verify_complete row and read the checks[] array — common WordPress culprits are missing canonical (when no SEO plugin is active), or featured image too small for Twitter cards.

Troubleshooting

401 Unauthorized on connect

Three usual causes: (1) the username doesn’t match the application password owner — use the same person who created the password; (2) a security plugin is stripping the Authorizationheader — WordFence’s “Disable Application Passwords” switch is the most common offender; (3) you’re on managed WP hosting (WP Engine, Kinsta) that requires a custom auth header — contact support and ask for “REST API basic-auth pass-through”.

404 on /wp-json/

Permalinks are set to “Plain”. Switch to any other style at Settings → Permalinks and save once — that re-flushes rewrite rules.

Featured image upload returns 500

Almost always a PHP upload_max_filesize limit. Hero images we ship are usually 200-500 KB, but if your host has upload_max_filesize=2M and post_max_size=8M, large featured images can fail. Increase in php.ini or your host control panel.

RankMath meta not showing on the page

RankMath caches meta server-side. After our first publish, open the post in WP admin → click the RankMath panel → click “Update meta”. Subsequent publishes are fine; only the very first one sometimes needs a manual cache prime.

My posts are showing up in the wrong post type

WordPress defaults to the post post type. If you blog through a custom post type (e.g., insights, guides), set cpt_slugin the connection’s adapter metadata. Reach out via chat — we’ll wire it.

Security & best practices

Storage

Your application password is encrypted with AES-256-GCM at rest. RLS blocks direct DB reads from the authenticated role — only the publish worker (running with a service-role key) can decrypt. Plaintext leaves the API boundary the moment you submit and is never logged.

Revoke quickly

If you suspect leak, revoke from Users → Profile → Application Passwords → Revoke in WordPress. SEORAV will start failing immediately; delete the connection and reconnect with a fresh password.

Use a dedicated WP user with Editor role — not your main admin account.
Run WordPress on HTTPS only. We refuse to connect to http://.
Keep WordPress core + your SEO plugin up-to-date — REST API surface changes occasionally between major versions.
Don’t store the application password in your repo or password sharing tool: paste once, then forget.

Useful links

PreviousWebhook integration

NextWebflow integration