Sorry, you are not allowed to create posts as this user. Wordpress 6.4.3

fanmixco · February 24, 2024, 1:39pm

Describe the problem/error/question

I cannot post anything in WordPress. I’m running the version 6.4.3. This is my .htaccess:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule ^(.) - [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

What is the error message (if any)?

Sorry, you are not allowed to create posts as this user.

Please share your workflow

Share the output returned by the last node

Information on your n8n setup

n8n version: N8N Cloud
Database (default: SQLite): N8N Cloud
n8n EXECUTIONS_PROCESS setting (default: own, main):
Running n8n via (Docker, npm, n8n cloud, desktop app): N8N Cloud
Operating system: N8N Cloud

bartv · February 26, 2024, 9:45am

Hey! Did you set up an Application Password? You won’t be able to use your regular user credentials. I remember running into exactly the same issue back when I had to set this up myself

fanmixco · February 28, 2024, 1:14pm

Hi @bartv, we got the credentials from the Application Manager. We created two and none of them is working :/. The result is the same, that’s why we modified the .htaccess without results also.

bartv · February 29, 2024, 7:14am

What is the ‘Application Manager’? Did you follow the steps in the documentation I linked to? You should see this ‘Application Passwords’ section in the user profile of the user:

fanmixco · February 29, 2024, 9:25am

Indeed, it’s created like this:

Sorry because it’s in Spanish, but it’s the same. Contraseñas de aplicación means Application Passwords.

bartv · February 29, 2024, 9:26am

Great! And just to be sure, this user has a role that has editing permissions in WordPress? Something like this?

fanmixco · February 29, 2024, 9:43am

We are testing in a fresh WordPress. The admin user is the one who created the Application Password. We even created two WordPress with the same results. Also, I’m not sure if you can add any configuration to the application password, or am I wrong? Thanks.

bartv · February 29, 2024, 9:52am

No, the application password has the same permissions as the user it’s attached to.

Here are a few things you can try:

See below for a workflow that works for me, I wonder if yours fails because your initial post doesn’t contain any body content?
Perhaps I’m stating the obvious, but make sure you’re using the application password and not the normal password for this account.
Try creating a non-admin account with Editor access and set up an application password for them
If all that fails, I’d recommend trying to access the API with these credentials outside of n8n and seeing if this works.

fanmixco · February 29, 2024, 10:30am

I built a Python script and used the same configuration and the error is exactly the same. Using the script, I’m sure I’m using the Application Password. I’m wondering what I should modify since it’s quite odd, I have tried two WordPress instances, and modified the .htconfig and the result is the same.

Python example:

import requests
import json

# WordPress REST API endpoint for creating a post
url = 'https://MY_WORDPRESS_URL/wp-json/wp/v2/posts'

# Application password credentials
username = 'N8N'
password = 'MY_PASSWORD'

# Content of the post
post_data = {
    'title': 'Your Post Title',
    'content': 'Your post content here.',
    'status': 'publish'  # Set to 'draft' if you want to save it as a draft
}

# Headers
headers = {
    'Content-Type': 'application/json'
}

# Authentication
auth = (username, password)

# Send POST request to create the post
response = requests.post(url, headers=headers, auth=auth, data=json.dumps(post_data))

# Check if the request was successful
if response.status_code == 201:
    try:
        response_json = response.json()
        print('Post created successfully!')
        print('Post ID:', response_json['id'])
    except json.decoder.JSONDecodeError:
        print('Response is not in JSON format.')
        print('Response content:', response.content)
else:
    print('Failed to create post. Status code:', response.status_code)
    print('Error message:', response.content)

bartv · February 29, 2024, 10:35am

It seems your request reaches the API, so I’m pretty sure your .htaccess files are in order. Did you try creating a separate user with only Editor access, not admin?

fanmixco · February 29, 2024, 1:23pm

I created an editor user as suggested with its Application Password and the result is the same:

Error message: b’{“code”:“rest_cannot_create”,“message”:“Sorry, you are not allowed to create posts as this user.”,“data”:{“status”:401}}’

Jon · February 29, 2024, 4:11pm

Looking online a few people have suggested updating the .htaccess, The downside here is while we know the n8n application configuring Wordpress and Apache is outside of our scope so you may need to reach out to the Wordpress communiyt.

From what I can see though the examples provided don’t include the line that contains REMOTE_USER so I would remove that line and see if it helps.

fanmixco · May 11, 2024, 2:13pm

Any hints, Jon? I heard that could be related to the cache, but I don’t know how to check it.

system · August 9, 2024, 2:14pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.