Recently updated on May 1st, 2024 at 11:16 am

March 1st, 2024 UPDATE: Zapier finally posted a changelog to their WordPress Plugin Page, and we’ve provided it at the end of the article. Version 1.0.4 was the latest version we were able to update to prior to 1.0.6, but version 1.0.5 exists in the changelog, which we find interesting. Since the initial publishing of this article, they have proceeded with the following upgrade path: 1.0.6 -> 1.0.7 -> 1.1.0 -> 1.2.0 -> 1.3.0. That’s a rapid release schedule since March 1st, having done five updates in a month and a half.

Original Post

Look out for flying pigs in the sky, readers, because Zapier just released version 1.0.6 of their long-standing Zapier Plugin for WordPress.

What is Zapier, again?

For those of you that don’t know, Zapier is one of the largest consumer-friendly automation platforms in the world, with over 2.2 million users and 500+ employees. Zapier makes it easy to set up automations because web-based platforms for most users, and experienced developers can utilize tools like Zapier’s integrated email parsing, embedded code processors, and webhooks, to allow for even more automatic task execution. Despite our gripes in our previous blog, we absolutely love the Zapier platform.

As any Zapier for WordPress user will know, the Zapier plugin is needed to get Zapier to talk to your WordPress installation so you can easily create “Zaps” to send data to and from your WordPress website through the magic of automation. Not just data sending, data manipulation as well! With Zapier’s amazing set of tools, you can run calculations, extract specific pieces of data, even manipulate smart devices using services like IFTTT.

In our recent article, “Zapier Formatter Hates Google Docs“, we briefly touched on Zapier’s extreme neglect over their much-used plugin. As of February 29th, 2024, the Zapier for WordPress plugin hadn’t been updated in over 2 years and was sporting a 2 out of 5 stars, symbolizing overall dissatisfaction for the plugin by its user base.

Surprise! Update Zapier for WordPress to 1.0.6

Maybe someone at Zapier came across our previous article (or maybe it was because we linked that article as the solution to someone’s issue in the Zapier Forum), or maybe it was already in the works and it just happened to coincide with the publishing of our article. Regardless, the Zapier for WordPress plugin was long overdue for an update. As of mid-day February 29th, 2024, Zapier’s WordPress plugin has finally been updated from 1.0.4 to 1.0.6!

As expected, BlogVault has already run through the sites we manage and picked up the update as being available:

For those of you managing WordPress by hand (first of all, yuck), you can acquire this update to Zapier by:

1. Log into your WordPress dashboard
2. Click “Plugins”
3. Scroll down in the list until you see “Zapier for WordPress”, which should indicate that a new update is available
4. Click “update now”

What’s in the Zapier for WordPress 1.0.6 Update?

Despite there being a “View version 1.0.6 details” link in the update notification, there is no available changelog on the Zapier Plugin page. Furthermore, searching the web for any additional information about this latest release has returned nothing on Google when filtering for information in the past 24 hours:

That’s kind of a shame for us techie web designers and developers. Knowing what changes are made to the WordPress plugins we’re using helps with the website development process. Not only does knowing what the version fixes help with informed decision making, but it also allows us to determine if newly introduced or reworked functionalities are causing issues with the sites they’re deployed to.

We’ll keep an eye on the Zapier page and reach out to Zapier ourselves to see if we can get the lowdown on what this plugin update has to offer.

Our wish list of fixes for Zapier Plugin 1.0.6 plugin include:

• Better handling of integration with WordPress sites that require 2-Factor Authentication
  • Improved functionality with WordPress Application Passwords
• Integration with WooCommerce
• Security updates

To the best of our knowledge, Zapier’s plugin is extremely finicky with security plugins that enable 2FA, like WordFence and All-In-One Security (AIOS). When trying to connect WordPress to your Zapier account from Zapier’s plugin, it often fails to connect at all unless you disable 2FA, and leave it disabled on the connected account. While we have no information regarding if this issue is fixed, it’s been our #1 gripe about the plugin and its interactions with websites it’s deployed to.

Recent security issues with Zapier v1.0.4?

Recently via one of our hosting servers, we noticed tons of recent brute-force attempts to one of our WordPress sites that has Zapier for WordPress plugin 1.0.4 installed:

WordPress break-ins attempted through Zapier-specific user account

In the screenshot of our Imunify360 instance above, the blurred sections are the WordPress username the brute force hacking attempts were going through. What’s interesting to us, as both designer/developers AND IT security professionals, is that this username was explicitly created for use with the Zapier for WordPress plugin, and has ONLY ever been used by the Zapier platform. That WordPress username went from the account creation in that specific site to being copy/pasted into the “Connect Your WordPress” dialog box generated by Zapier in less than 30 seconds and has never been touched again outside of the Zapier platform. Not only that, but we have user enumeration disabled to prevent bots from scraping usernames:

Screenshot of preventing users enumeration through AIOS WP Security

That leads us to a very looming question: was v1.0.4 of the Zapier for WordPress plugin leaking data, or was Zapier breached?

Update Zapier for WordPress to v1.0.6 NOW!

Until we get some answers from Zapier, that question will be on our mind, as well as everyone that made it to the bottom of this article. In the meantime, log into your WordPress installation(s) or WordPress Management platform and get to updating the Zapier for WordPress plugin ASAP! Not only is it long overdue, but it could be a security risk not having the latest version, especially given we saw increased activity related to our Zapier-specific WordPress user accounts in our security logs.

Hopefully someone from Zapier comes forward and publicizes the plugin changelog for v1.0.6 soon. Stay tuned, as soon as we hear back from Zapier, we’ll update this article with the latest news and information! Thanks for reading! – Mark

Zapier for WordPress Changelog

1.0.0

• Initial release.

1.0.1

• Improved verification of headers.

1.0.2

• Updated readme.

1.0.3

• Added a leeway value for JWT token validation.

1.0.4

• Updated register_rest_route to match >5.6 required arguments.
• Updated latest tested WordPress version to 5.9.

1.0.5

• Updated latest tested WordPress version to 6.4.
• Updated description.

1.0.6

• Updated short description.

1.0.7

• Updated assets.
• Updated description.
• Hotfix: Fix User-Agent header validation.

1.1.0

• Add endpoint to retrieve support fields for custom-type posts.

1.2.0

• Add endpoint to retrieve user roles.
• Add session validation for custom endpoints.

1.3.0

• Updated Firebase JWT lib to ^6.10

Source: https://wordpress.org/plugins/zapier/#developers