Blurt Publisher

Blurt Publisher connects WordPress with the Blurt blockchain.

The recommended publishing mode is Direct RPC. In this mode WordPress prepares the Blurt transaction, signs it locally with the private posting key saved in the plugin settings, and broadcasts the signed transaction directly to public Blurt RPC nodes. No external plugin endpoint is needed.

The plugin can publish:

• WordPress posts.
• WooCommerce products.
• Full post content or excerpt/teaser-only content.
• Products using a Blurt Market-style template.
• Separate post and product schedules.
• Separate post and product Blurt accounts and posting keys.
• Optional fallback through a secured legacy endpoint for hosting environments where Direct RPC is unavailable.

Important security notes

Use only your Blurt private posting key in this plugin. Do not enter your owner key or active key.

Direct RPC mode is recommended because the private posting key stays inside WordPress and is not sent to a plugin endpoint.

Private posting keys and endpoint fallback credentials are stored encrypted at rest when OpenSSL AES-256-GCM is available. The encryption key is derived from BLURT_PUBLISHER_ENCRYPTION_KEY when this constant is defined, otherwise from WordPress auth salts. If you change your WordPress salts or custom encryption key, you may need to re-enter saved private keys.

Legacy endpoint fallback still sends the private posting key to the configured endpoint for a single publication request. It should be used only when Direct RPC is not available on a particular hosting provider.

Protect your WordPress admin account, database, backups and hosting panel. Anyone with access to the database and encryption material may be able to recover stored secrets.

External Services

This plugin connects to external services to publish content to Blurt.

1. Public Blurt RPC nodes

The plugin connects to configured Blurt RPC nodes, by default:

• https://rpc.beblurt.com
• https://rpc.blurt.world
• https://blurt-rpc.saboin.com

The plugin sends signed Blurt blockchain transactions to these nodes. In Direct RPC mode the private posting key is not sent to these nodes; only signed transactions are broadcast.

2. Optional legacy endpoint fallback

If legacy endpoint mode is enabled, the plugin sends post/product data and the private posting key to the configured endpoint URL. The request is protected with HTTPS, endpoint token, timestamp, nonce and HMAC signature.

3. Optional endpoint key registration

When the user clicks the endpoint key generation button, the plugin generates a unique endpoint token and HMAC secret, broadcasts a signed Blurt custom_json proof containing only hashes of those secrets, and sends the actual token/HMAC secret to the configured endpoint registration route over HTTPS.