| 开发者 | 42flows |
|---|---|
| 更新时间 | 2026年5月7日 00:43 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 6.9 |
| 版权: | GPL-2.0-or-later |
| 版权网址: | 版权信息 |
show_in_rest.
This plugin is required if you use 42flows to publish SEO-optimized content to your WordPress site. Without it, SEO titles, meta descriptions, and focus keyphrases cannot be set via the REST API.
Supported SEO plugins
_yoast_wpseo_title, _yoast_wpseo_metadesc, _yoast_wpseo_focuskwrank_math_title, rank_math_description, rank_math_focus_keyword_aioseo_title, _aioseo_description, _aioseo_keywordsshow_in_rest => true for posts and pagessanitize_callback (sanitize_text_field) and auth_callback (requires edit_posts capability)42flows-content) that enables render-time features for posts delivered by the 42flows pipeline (schema markup, attribution footer, page-optimizer REST surface). The companion plugin is downloaded from https://42flows.com/plugins/42flows-content-latest.zip via the /wp-json/42flows/v1/install-companion REST route.
The route requires the requesting user to hold:
install_plugins and activate_plugins for fresh installs (typically Administrator role)delete_plugins additionally when a min_version parameter is supplied that exceeds the currently-installed companion version, because the upgrade path deletes the existing companion folder before reinstallingOnly if you use 42flows to publish content to your WordPress site and want SEO meta fields (title, description, focus keyphrase) set automatically via the REST API.
The plugin does nothing if no supported SEO plugin (Yoast, Rank Math, or AIOSEO) is detected. It is safe to keep installed.
Yes. It only registers existing meta fields for REST API access with proper sanitization and authentication. Only users with the edit_posts capability can write to these fields. All input is sanitized with sanitize_text_field.
The companion-install REST route requires install_plugins + activate_plugins capabilities, and additionally delete_plugins for in-place upgrades. The companion plugin source URL is hard-coded — never accepted from request input — so there is no SSRF surface. The optional min_version parameter is validated against a strict X.Y.Z regex before being passed to PHP's version_compare.
Currently it registers meta fields for posts and pages. Support for custom post types can be added in a future version.
/install-companion call, both 42flows-seo-meta and 42flows-content are added to WordPress's auto_update_plugins site option so future feature/security/fix releases reach the customer site without a manual click. Idempotent — safe to call repeatedly. Customers retain control: the WP admin Plugins page still shows a "Disable auto-updates" link.min_version parameter to /wp-json/42flows/v1/install-companion. When supplied (semver X.Y.Z), the route compares the installed companion version against min_version and performs an in-place upgrade (deactivate → delete → reinstall → activate) if the installed version is older. Required because WordPress's Plugin_Upgrader::install refuses to overwrite an existing plugin folder. Without this parameter, behavior is unchanged: idempotent ensure-installed-and-active.delete_plugins capability, in line with the principle of least privilege.min_version is validated as ^\d+\.\d+\.\d+$ before reaching version_compare() to reject arbitrary input./wp-json/42flows/v1/install-companion for authenticated companion-plugin installation (requires install_plugins capability). Used only when the site is connected to 42flows.