A Photographers & Visitors Guide & Timeless Stories

WordPress Changes – Behind the Scenes

1. Behind the Scenes

The recent changes are not just about the appearance on mobile phones. There is a further enterprise involved, which is perhaps the real reason for being so stubborn and rash in its implementation.

The following applies to any WP hosted blog and any using Jetpack.

A system known as Rest-Api is being installed. The system plants a Rest-Api cookie bundle on your computer. The new user-interface does not work without it.

The Rest-Api system provides:-

  • Easier Application Programming
  • Publicly available access to your posts/comments/likes. There is nothing new there, except that some further information is provided (e.g. the IDs of visitors).
  • If you give permission, remote access to your blog/image-library for the purposes of allowing a service (e.g. a printing company) to download content.
  • If you give permission, remote access by a developer. Access may include your statistics, the ability to create/edit/delete posts and whatever else you provide permission for.

2. Public/Limited Access to Our Blogs

You might try clicking on some of these (I’ve kept it to the 4 most recent). Each of these will open in a new Tab. You can change the Blog name and you don’t have to be logged in to your account in order to use them. However, Private and Password Protected posts are not shown unless you are logged in and add “&status=any”. Note: pretty=1 makes the output readable.

Revealing my 4 most recent posts, or for whichever blog is named.

https://public-api.wordpress.com/rest/v1/sites/freedfromtime.wordpress.com/posts/?number=4&pretty=1

Revealing my 4 most recent comments received, or for whichever blog is named, with information about the commenter.

https://public-api.wordpress.com/rest/v1/sites/freedfromtime.wordpress.com/comments/?number=4&pretty=1

Revealing my 4 most recent Likes received on a post, or for whichever blog is named, with information about the Liker. The Post ID for this is “1” (my About page, but it may not be the same for you). Otherwise you will need a Post ID, which can be obtained from the first link.

https://public-api.wordpress.com/rest/v1/sites/freedfromtime.wordpress.com/posts/1/likes/?number=4&pretty=1

Further content is available when logged in and/or for a developer who has a blogger’s permission (see Section 3).

2.1 What’s the Problem?

This does provide further information such as numeric IDs for Blog, Post, Author and Comment relating to yourself and your visitors and, it seems, slows normal access. Added to this, the design and function are generally considered inferior to the previous User Interface.

2.2 A Greater Concern

One might consider this point a breach of security. Usually half the battle for a hacker is knowing one’s Log-in name/User name. With WordPress one’s Display name is often the same as one’s Log-in name/User name. However, some have wisely hidden their User name behind a different Display name. The above links publicly reveal any hidden Log-in/User name.
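To check your own blog for this, the following is an added example (not part of the original post) that reads a saved response from the posts or comments links above and lists every account whose login name appears, flagging those whose Display name had been hiding it. The sample data is constructed, and the field names `author.login`, `author.name` and `author.ID` are assumptions about the shape of the response.

```python
import json

# Constructed sample, shaped like the JSON the /posts/ and /comments/ links return.
# Assumption: each item carries an "author" object with "ID", "login" and "name".
SAMPLE_POSTS = json.loads("""{"posts": [
  {"ID": 1, "author": {"ID": 1001, "login": "example_login", "name": "Example Display"}},
  {"ID": 7, "author": {"ID": 1001, "login": "example_login", "name": "Example Display"}}
]}""")
SAMPLE_COMMENTS = json.loads("""{"comments": [
  {"ID": 31, "author": {"ID": 2002, "login": "visitorone", "name": "Visitor One"}},
  {"ID": 32, "author": {"ID": 0, "login": "", "name": "Anonymous Guest"}},
  {"ID": 33, "author": {"ID": 2003, "login": "quiet_login", "name": "Something Else"}}
]}""")


def _norm(value):
    """Lower-case and drop punctuation/spaces so 'Visitor One' matches 'visitorone'."""
    return "".join(ch for ch in (value or "").lower() if ch.isalnum())


def audit_authors(payload, list_key):
    """Return one record per distinct account whose login name is in the payload."""
    seen = {}
    for item in payload.get(list_key, []):
        author = item.get("author") or {}
        login = author.get("login")
        if not login:  # entry with no account behind it (constructed case above)
            continue
        seen[login] = {
            "login": login,
            "display_name": author.get("name"),
            "author_id": author.get("ID"),
            # True when the display name did not already give the login away,
            # which is the case section 2.2 is concerned with.
            "hidden_login_revealed": _norm(login) != _norm(author.get("name")),
        }
    return sorted(seen.values(), key=lambda rec: rec["login"])


def report(payload, list_key):
    """Format the audit as one readable line per account."""
    lines = []
    for rec in audit_authors(payload, list_key):
        flag = "HIDDEN LOGIN REVEALED" if rec["hidden_login_revealed"] else "same as display name"
        lines.append(f'{rec["login"]} (shown as {rec["display_name"]!r}, ID {rec["author_id"]}): {flag}')
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_POSTS, "posts") + report(SAMPLE_COMMENTS, "comments")))
```

Any account flagged here should be treated as having a public login name, so its protection rests on the password and two-step authentication rather than on the Display name.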

3. Full Access to Our Blogs

With a blogger’s permission, a remote service provider (e.g. printing company) or developer may have limited or complete access to your site using the Rest-Api system. That access relies upon a new cookie bundle “public-api.wordpress.com” on your browser. None of the new UI (Stats, Editor and Notifications) will work without it. However, unless you are adept at cookie management, I don’t recommend trying this. One can lose the ability to comment/like on other blogs if one cannot fully restore cookies.

The full range of Gets (view) and Puts (create/change), available with a blogger’s permission, can be found by clicking here ⇒. Full access can include Private and Password Protected.

Some Gets (as with the links above) are available to anyone.

A developer console here ⇒ provides extended access when logged in to one’s account or for a person who has the blogger’s permission. When using the developer console, click on the bottom left arrow of the brief return to see the full return.

3.1 The Possible Problems

3.1.1 Security

Access is acquired using OAuth2 authentication. That method has been entirely disavowed by the lead author, who has removed his name from all specifications. His main concerns seem to be that, whilst OAuth1 was a protocol, OAuth2 is a framework that includes many musts and must-nots and requires an unusually high level of expertise to make secure. To read his post click here ⇒. An extract below:-

“To be clear, OAuth 2.0 at the hand of a developer with deep understanding of web security will likely result in a secure implementation. However, at the hands of most developers – as has been the experience from the past two years – 2.0 is likely to produce insecure implementations.”

He also wrote “When compared with OAuth 1.0, the 2.0 specification is more complex, less interoperable, less useful, more incomplete, and most importantly, less secure”.

3.1.2 Business Worth

Being able to store images from a mobile phone/tablet, upload them to WordPress and then download them to a service provider might be of use to some. However, serious photographers and/or those creating company literature (e.g. pamphlets, brochures etc) are more likely to upload higher resolution images directly to a printing company.

Most of us, if approached by a developer who wants access to our site, would likely respond with disinterest.

E-commerce companies might want to make use of a developer’s services to compete. But if they’ve got any sense, they will use in-house services provided by people who have a deeper knowledge of their company’s business and are dedicated to it.

3.1.3 Business Loss

I believe that the new User Interface has been so badly implemented as to deter users from the new enterprise.

Existing customers have suffered considerable and pointless nuisance.

It has been shown that it takes less effort to keep existing customers than acquire new ones.

9 responses

  1. “It has been shown that it takes less effort to keep existing customers than acquire new ones.”
    I have tried to use this logic with people who get many divorces……….Laughing!
    Most helpful and interesting information Graham. Thanks for posting!

    Liked by 1 person

    December 28, 2016 at 18:20

    • You are welcome.

      Matt Maularug has caused me some nuisance. I hope to return the favour. 😀

      Liked by 1 person

      December 28, 2016 at 20:13

  2. I came across another issue just a couple of weeks ago. To get around lack of upload space I hit upon a solution which opened a new blog and I uploaded my pictures there and then, when I needed them, I copied them across to my main blog. This worked well for a year but then suddenly copy and pasting pictures between blogs started to resize and compress the pictures. I had to go through a full year of posts to put everything right through the text editor. Probably my own fault for trying to cheat the system!

    I still refuse to use the new editor because the old editor is simply much better. I suspect it too will eventually be turned off and when that happens I shall abandon WP.

    Like

    December 29, 2016 at 08:51

    • I think that many will.

      I’ve been looking at blogspot. The editor is similar but with a choice of fonts and type sizes. It needs some exploring to discover all its functions such as using Likes. The Reader is like the new WP Reader but quicker and will include non-blogspot blogs such as WP. At present there are no paid upgrades but up to 15Gb space free if you use Google Drive.

      On the other hand, I’m not ready to give up on WP just yet. I think the extent of protest did make a difference two years ago. That is, it delayed further destruction until now. Add to this, they seem to do their worst over the holidays, which are almost over.

      We might make more of an impact. Just needs more bloggers involved and then an interested journalist. “Has Matt Mullenweg lost the plot”. 🙂

      Like

      December 29, 2016 at 10:11

      • I used blogger from 2008-9 when I switched to WP because I found it to be more user friendly, flexible and with more features. I have posted here since May 2009 and feel as though I have such a huge personal investment that I am reluctant to leave but if functionality of the site continues to deteriorate then I will need to give it some serious thought.
        As you say – let’s hope someone is listening!

        Like

        December 29, 2016 at 10:23

        • I’ve also got a lot invested in WP. I’m sure WP rely upon our investment to keep us hooked.

          I don’t think anybody is listening at present but with enough bloggers involved, then it becomes newsworthy and attracts the interest of investors. It’s a long road and pointless without support. Let’s see what happens after the holidays.

          On the issue of compressed images. Thanks for the heads up. This is worth watching as it may have implications for the future of attached media libraries and post size.

          Like

          December 29, 2016 at 10:55

        • I’ve just received a good idea from Ellen Hawley; complain on twitter which is more public. No time at present but will do soon.

          Like

          December 29, 2016 at 13:09

  3. Great information…thanks for sharing….

    Like

    December 29, 2016 at 22:50

    • You are welcome. It does seem to shed light on WP’s motives. But, no excuse for them to have made such a mess of it. 🙂

      Like

      December 29, 2016 at 22:56
