php - Submitting comments to Wordpress without SSL /OAuth
I want to let android/iPhone users submit comments anonymously (without registering to the blog) to a self-hosted Wordpress blog.
Is there a simple, secure way to do that?
What I researched so far:
JSON API Plugin -> Works well, but no security.
WP-API -> Doesn't have Submit Comment method implemented + no security.
Well you can just use nonces to avoid XSS attacks, other then that you will obviously need your users to be logged in. Here is a simple way to do that.
EDIT: If you just need to be able to post the comment with their name and email address. Use it as below, but make sure you enable "Respond controller" from the api settings
2nd Edit: For securing the comments you can use nonces, if its not a built in functionality into the plugin you will have to add this functionality inside the submit_comment controller. But it would be a bit hard to generate the nonces from your android application though. A simple solution would be to wrap the existing code in a condition. Something like a base64 encoded time token.
Then in the REST api you can send something like