Getting started with Mastodon x WordPress

If you have a WordPress blog and a Mastodon account, the three things you’re going to want to do is verify your identity, embed toots, and syndicate your blog on the fedirverse.

Verifying Mastodon Identity

Identity verification in the fedirverse is based upon controlling a property elsewhere on the web.

The most basic version of this is running a Mastodon instance: @[email protected] is certainly Jason Scott at the Internet Archive. (Hosting a Mastodon instance is beyond scope of this post.)

As an alternative, @[email protected] can prove they are an authorized account of Reuters news service by inserting code on Reuters.com. There are three ways to do this.

Option 1: Edit Theme Metadata

Insert <link rel="me" href="https://{host}/@{user}"> between the <head></head> elements in header.php. This method is not available to WordPress.com-hosted sites.

Option 2: Social Media Link Blocks

Mastodon, WordPress, and Verification” by @[email protected] demonstrates a step-by-step to using post-Gutenberg blocks to add a Mastodon verification link. This method should be compatible with WordPress.com-hosted sites using modern themes.

Option 3: A Verification plugin

I didn’t see a plugin for mastodon verification so I wrote one. It’s on github: simple-mastodon-verification and wordpress.org: simple-mastodon-verification. It makes Option 1 accessible to WordPress.com-hosted sites by inserting a form field on the General Settings menu. This method should be compatible with WordPress.com-hosted sites, but free plugins require a “Business Plan” upgrade.

Embed Toots in Blog Posts

@[email protected] and @[email protected] asked “is there a good way to embed Toots on a WordPress website?” Short answer: no. Either use screenshots and link to the source, or embrace @[email protected]‘s “no quote tweets” philosophy.

The “WordPress Way” is to take the public URL of the Toot provided (not the one loaded from your own Instance) and paste into a Block to take advantage of WordPress’ built-in iframe wrap: click Share >Copy Link and paste into WordPress. You’ll be rewarded with a 1000px-tall iframe and Console errors about violating the Content Security Policy directive about unsafe inline content.

The WordPress kludge is to use an HTML block. If you are logged-in to Mastodon, you can get iframe embed code by clicking the More option (“…”) at the bottom right of a toot and selecting “embed”. While the supplied iframe code will be accepted by WordPress, and the dimensions of the embed code can be changed, it will return a “This block contains unexpected or invalid content” error.

The long and short of it is that iframes are dangerous so WordPress has a list of approved sites for embeds. Because of the federated nature of Mastodon — and the fediverse — few (if any) instances will ever be on that list. The dimensions of the iframe are hard-coded in the WordPress Core; while a plugin or JS hack could correct them, neither presently exist (nor should they).

If you feel compelled to embed Toots, I suggest using screenshots and link to the source. Remember: your embeds will 404 when instances shut down, and when users auto-purge their timelines. (Just don’t forget the alt-text.)

Syndicate Your Blog on Mastodon

@[email protected] published the ActivityPub plugin, which implements the protocol for WordPress blogs. When enabled (some .htaccess modification may be required), WordPress will respond to Webfinger requests for users ([email protected]) and be discoverable and followable by Mastodon users. It’s worth noting that the ActivityPub feed is per-user (using Author pages), not sitewide, so @[email protected] does not report everything published by all users on opendna.com. (This has some interesting potential for using WP authors to create topical feeds, or only advertise some posts.)

(Note: There is a known glitch with following a WordPress x ActivityPub site, in which results in “request pending” for Follow requests.)