Simple plugin that disallows access to REST endpoints for users that are not logged in. Stops the REST API from being used to enumerate users.

Carawebs/wp-secure-rest-api

Secure WordPress REST API

A super-simple plugin that disallows access to REST endpoints for users that are not logged in.

Stops the REST API from being used to enumerate users.

Usage

  • Clone this repo to mu-plugins - you may need to create this directory in the designated WordPress content directory (wp-content in a standard install)
  • Make sure the file is loaded

If you're using Bedrock, the built-in mu-plugins autoloader will take care of loading the plugin for you.

Check it's working: https://example.com/wp-json/wp/v2/users should return a 401 response if the user is not logged in.
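
The check above can be scripted so it runs after every deploy. This is an added example, not part of the plugin; the function names are made up for illustration, and it treats anything other than a 401 on an anonymous request as a failure. Extra paths to test can be passed after the base URL.

```shell
#!/bin/sh
# Added example: confirm that anonymous REST requests are rejected with 401.
# Usage: sh check-rest.sh https://example.com [path ...]

# Print the HTTP status of an anonymous GET (no cookies, no auth header).
# curl prints 000 when the request fails, so a dead host is not mistaken for 401.
rest_status() {
  curl --silent --location --max-time 10 --output /dev/null \
       --write-out '%{http_code}' "$1" || true
}

# Classify one URL: "locked" (401), "open" (any 2xx), otherwise "inconclusive(code)".
rest_verdict() {
  rv_code=$(rest_status "$1")
  case "$rv_code" in
    401) echo "locked" ;;
    2??) echo "open" ;;
    *)   echo "inconclusive($rv_code)" ;;
  esac
}

# Check each path under a base URL; return non-zero unless every one is locked.
check_site() {
  cs_base=${1%/}
  cs_failed=0
  shift
  for cs_path in "$@"; do
    cs_verdict=$(rest_verdict "$cs_base$cs_path")
    printf '%-18s %s\n' "$cs_verdict" "$cs_base$cs_path"
    [ "$cs_verdict" = "locked" ] || cs_failed=1
  done
  return "$cs_failed"
}

# Run only when a base URL is given; default to the endpoint named in this README.
if [ $# -ge 1 ]; then
  base=$1
  shift
  [ $# -ge 1 ] || set -- /wp-json/wp/v2/users
  check_site "$base" "$@"
fi
```

A non-zero exit status means at least one endpoint answered an anonymous request or could not be checked, which makes the script usable as a deployment gate.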

Non Bedrock Loader

Add this line to a loader in the root mu-plugins directory:

<?php
// path/mu-plugins/load.php
require WPMU_PLUGIN_DIR.'/secure-rest-api/secure-rest-api.php';
