This guide covers how to establish and manage the secure connection between your WordPress site and Shopify store using Wash.
How Connection Works
WordPress Plugin
↓
API Key Authentication
↓
Secure HTTPS Connection
↓
Shopify App (Wash)The connection is established by:
- Installing the Wash app in Shopify
- Creating a new connection in the Shopify app
- Installing the WordPress plugin
- Entering the API key in WordPress
Accessing Connection Settings
In Shopify
- Open your Shopify admin
- Go to Apps > Wash
- Click Connections in the sidebar
- Select your WordPress connection
In WordPress
- Open WordPress admin
- Go to Settings > Wash
- Select the Connection tab
Connection Parameters
Shopify Store URL
Your Shopify store's myshopify.com URL:
your-store.myshopify.comImportant: Always use the
.myshopify.comURL, not your custom domain. The custom domain may change, but the myshopify URL remains constant.
API Key
The secure key generated by the Shopify app. This key:
- Is unique to your store-WordPress connection pair
- Uses HMAC-SHA256 authentication
- Can be regenerated if compromised
- Should never be shared publicly or committed to version control
Regenerating API Key
- Go to Shopify > Apps > Wash > Connections
- Select your connection
- Click Regenerate API Key
- Copy the new key to WordPress
- Test the connection
WordPress Site URL
The URL where your WordPress site is accessible:
| Format | Example |
|---|---|
| Root domain | https://example.com |
| Subdomain | https://blog.example.com |
| Subdirectory | https://example.com/blog |
Connection Status
| Status | Indicator | Meaning |
|---|---|---|
| Connected | 🟢 Green | Active connection, ready to sync |
| Pending | 🟡 Yellow | Connection initiated, awaiting WordPress verification |
| Disconnected | 🔴 Red | No active connection, needs configuration |
| Reconnecting | 🟠 Orange | Temporary issue, automatic retry in progress |
| Error | 🔴 Red | Connection failed, check error message |
Connection Health
Health Check Endpoint
Wash performs regular health checks to ensure the connection is working:
GET /wp-json/wash/v1/health
Headers:
X-Wash-Key: {api_key}
X-Wash-Timestamp: {unix_timestamp}
Response:
{
"status": "healthy",
"version": "1.5.0",
"wordpress": "6.7.1",
"php": "8.3.0"
}Last Sync Information
The connection panel shows:
- Last successful sync — When content was last synced
- Last health check — When connection was last verified
- Articles synced — Total number of articles synced
- Sync queue — Items waiting to be synced
Security
Authentication Flow
1. WordPress generates request
2. Adds X-Wash-Key header (API key)
3. Adds X-Wash-Timestamp header (current time)
4. Sends HTTPS request to Shopify
5. Shopify validates signature
6. If valid, processes requestHTTPS Requirement
All connections require HTTPS. If your WordPress site uses HTTP:
- Install an SSL certificate (Let's Encrypt is free)
- Update WordPress URL in Settings > General
- Test the connection
IP Allowlisting (Optional)
For additional security, you can restrict API access to Shopify's IP ranges. Contact support for the current list.
Multiple Connections
You can connect multiple WordPress sites to one Shopify store:
| Plan | Max Connections |
|---|---|
| Free | 1 |
| Pro | 3 |
| Business | 10 |
| Enterprise | Unlimited |
Troubleshooting
Connection Failed
- Verify the API key is correct (copy-paste, no extra spaces)
- Check that WordPress site is accessible via HTTPS
- Ensure the Wash plugin is activated in WordPress
- Check for firewall rules blocking the connection
Frequent Disconnections
- Check WordPress hosting uptime
- Verify SSL certificate is valid and not expired
- Check for caching plugins blocking API requests
- Review server error logs for PHP errors
API Key Not Working
- Regenerate the API key in Shopify
- Update the key in WordPress
- Clear WordPress transient cache
- Test the connection