carawebs/wp-secure-rest-api

A very simple mu plugin for WordPress that disallows access to REST endpoints for users that are not logged in.

Maintainers

Details

github.com/Carawebs/wp-secure-rest-api

Source

Issues

Installs: 31

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 2

Forks: 1

Open Issues: 0

Type:wordpress-plugin

1.0.1 2017-05-23 19:52 UTC

GPL2 8c37e3a7ed3e9e8ae8fdc61daa87062df4a7d6d8

  • David Egan <david.woop@carawebs.com>

This package is auto-updated.

Last update: 2024-04-21 22:41:21 UTC

README

A super-simple plugin that disallows access to REST endpoints for users that are not logged in.

Stops the REST API from being used to enumerate users.

Usage

  • Clone this repo to mu-plugins - you may need to create this directory in the designated WordPress content directory (wp-content in a standard install)
  • Make sure the file is loaded

If you're using Bedrock, the built in mu-plugins autoloader will take care of loading for you.

Check it's working: https://example.com/wp-json/wp/v2/users should return a 401 response if the user is not logged in.

Non Bedrock Loader

Add this line to a loader in the root mu-plugins directory:

<?php
// path/mu-plugins/load.php
require WPMU_PLUGIN_DIR.'/secure-rest-api/secure-rest-api.php';