Title: post.php?
Last modified: August 20, 2016

---

# post.php?

 *  [TheNextBillGates](https://wordpress.org/support/users/thenextbillgates/)
 * (@thenextbillgates)
 * [13 years, 5 months ago](https://wordpress.org/support/topic/postphp-1/)
 * I am writing a plugin that will allow my users fill out a form and then create
   a post using the information provided. I have been reading the source code for
   wp since I haven’t found any good documentation on the web for this. I believe
   that posts are saved with post.php since the edit.php form submits to post.php.
   Could somebody confirm that in order to create a post on wordpress I would need
   to sumbit a request to post.php with the post information sent via the http POST
   method, and if so what information must be sent and how must it be formatted 
   to have the post published?

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [Rachel Baker](https://wordpress.org/support/users/rachelbaker/)
 * (@rachelbaker)
 * [13 years, 5 months ago](https://wordpress.org/support/topic/postphp-1/#post-3314532)
 * I would pass the form data onto wp_insert_post() ( [http://codex.wordpress.org/Function_Reference/wp_insert_post](http://codex.wordpress.org/Function_Reference/wp_insert_post))
   to create new posts.
 *  Moderator [bcworkz](https://wordpress.org/support/users/bcworkz/)
 * (@bcworkz)
 * [13 years, 5 months ago](https://wordpress.org/support/topic/postphp-1/#post-3314585)
 * Of course, you can’t POST form data directly to wp_insert_post(), you’ll need
   to develop the code to take the data and prepare it to be passed to the function,
   including data verification, nonce verification, capability verification, etc.
   It would appear that it would be simpler to format your form so it could be submitted
   to post.php (yes, this is the file).
 * But it’s not that simple. When your browser gets the new post publish form, a
   draft version of the post already exists, when you publish a post, you’re actually
   updating and changing the status from draft to publish. It will take some study
   to properly mimic this process in order to successfully submit posts to post.
   php. The primary benefit of going this route is it’s security has been proven
   over time. Creating your own process will likely have security holes, but by 
   taking care you can plug the large ones and be reasonably secure.
 * I would say it’s easier to create your own process, and can be reasonably secure.
   You will get the best security by using post.php, but preparing the data properly
   will not be trivial.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘post.php?’ is closed to new replies.

## Tags

 * [edit.php](https://wordpress.org/support/topic-tag/edit-php/)

 * In: [Hacks](https://wordpress.org/support/forum/plugins-and-hacks/hacks/)
 * 2 replies
 * 3 participants
 * Last reply from: [bcworkz](https://wordpress.org/support/users/bcworkz/)
 * Last activity: [13 years, 5 months ago](https://wordpress.org/support/topic/postphp-1/#post-3314585)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics