Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Basic Authentication not working with WP REST APIv2 #35

Open
rubenhak opened this issue May 14, 2016 · 89 comments
Open

Basic Authentication not working with WP REST APIv2 #35

rubenhak opened this issue May 14, 2016 · 89 comments

Comments

@rubenhak
Copy link

@rubenhak rubenhak commented May 14, 2016

hi Everybody,

I'm trying to use basic authentication with WP REST API v2 plugin (https://github.com/WP-API/WP-API). But whatever i tried the api returns "Sorry, you are not allowed to ...". Error. I'm using Postman as a client and can see it that correctly set "Authorization" header in the request.

For example if i post here: http://mywebsite.com/wp-json/wp/v2/posts/
Body:
{
"title": "Hello Updated World!",
"content_raw": "Howdy updated content.",
"date": "2013-04-01T14:00:00+10:00"
}

The response is:
{
"code": "rest_cannot_create",
"message": "Sorry, you are not allowed to create new posts.",
"data": {
"status": 401
}
}

I'd appreciate some help here.

Thanks,
Ruben

@navid-dada
Copy link

@navid-dada navid-dada commented May 14, 2016

+1

@rubenhak
Copy link
Author

@rubenhak rubenhak commented May 16, 2016

Adding those into .htaccess solves the problem for me:
RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule ^(.
) - [E=HTTP_AUTHORIZATION:%1]

Though, this files gets overwritten every time to edit the plugin.

@rubenhak
Copy link
Author

@rubenhak rubenhak commented May 17, 2016

Actually this is not a complete solution and more is a workaround. From time to time wordpress overwrites .htaccess files and the changes are lost.

@clemorphy
Copy link

@clemorphy clemorphy commented Jul 1, 2016

Hi !

Exact same problem for me.

I am using WP REST API v2, and this plugin.
Making a GET request with the Postman Chrome App :
https://website.com/wp-json/wp/v2/users/me

I use Basic Auth with a login / password of one of my editor account.
The Authorization header is added to the request.

And all I get is :

{
  "code": "rest_not_logged_in",
  "message": "You are not currently logged in.",
  "data": {
    "status": 401
  }
}

Adding this to my .htaccess didn't change anything :

RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule ^(.) - [E=HTTP_AUTHORIZATION:%1]

Any idea ?

@michaelnagy
Copy link

@michaelnagy michaelnagy commented Jul 12, 2016

+1

@rubensmz
Copy link

@rubensmz rubensmz commented Jul 21, 2016

I'm also experiencing same problem. I thought it was due to CGI running on Apache and its inability sometimes to manage with authentication headers. Nevertheless, when I turn to FPM over nginx the problem persists.

@wblaircox
Copy link

@wblaircox wblaircox commented Aug 4, 2016

+1

1 similar comment
@medrockstar
Copy link

@medrockstar medrockstar commented Aug 4, 2016

+1

@medrockstar
Copy link

@medrockstar medrockstar commented Aug 5, 2016

any solution ?

@heikobornholdt
Copy link

@heikobornholdt heikobornholdt commented Aug 15, 2016

+1

@ghost
Copy link

@ghost ghost commented Aug 24, 2016

I also have the same issue. Any solutions would be a great help

@Zmimmy
Copy link

@Zmimmy Zmimmy commented Aug 25, 2016

Add this to my .htaccess and it helped:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

See WP-API/WP-API#2538 Not ideal but it works.

This https://github.com/WP-API/Basic-Auth/pull/32/files might also be helpful.

@nodeGarden
Copy link

@nodeGarden nodeGarden commented Aug 28, 2016

Have tried both /.htaccess changes, and still getting the same rest_cannot_create error.

PostMan settings:
image

image

image

Results:
image

image

The Service Discovery page (/wp-json/wp/json/) shows that the POST method is created for posts:
image

Fresh install of Wordpress on AWS (Bitnami image if that helps any)
Wordpress: 4.6
WP REST API: Version 2.0-beta13.1 and tried Version 1.2.5
JSON Basic Authentication: Version 0.1

@koenhoeijmakers
Copy link

@koenhoeijmakers koenhoeijmakers commented Sep 1, 2016

Hey guys, after some time i finally found the fix (at least for me), It was a .htaccess issue.

The original .htaccess looked like this:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

I changed it to the following

<IfModule mod_rewrite.c>
RewriteEngine On

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteBase /
RewriteRule ^index\.php$ - [L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

The HTTP_AUTHORIZATION rule has to come before the other rules, this is because the L flag exists, the L flag means (last - stop processing rules), because of this it would never come to that rule if it was after the original wordpress rules,

Hope this helps anyone else!

@ethanclevenger91
Copy link

@ethanclevenger91 ethanclevenger91 commented Sep 1, 2016

.htaccess solutions not working for me.

Mine actually works fine on a local version of the site (using either command line curl or Postman) or if I use Postman to post to the live site while logged in in Chrome. Being logged into the dashboard via Chrome seems to go around the REST API authentication, perhaps related to Postman technically being a Chrome app? If I use the "Generate Code" feature in Postman and copy+paste that to CLI, it does not work.

If I try to post to the live site while not logged in in Chrome, I get the "Sorry, you cannot create new posts" error.

@ethanclevenger91
Copy link

@ethanclevenger91 ethanclevenger91 commented Sep 1, 2016

Hm, so local machine, where it works, is running Homestead. The live server, where it was not working, was running PHP 5.5 with cgi as the handler. I bumped it to PHP 5.6, which uses suPHP as the handler, and it now works. This link seems to imply that these .htaccess fixes should resolve this, but I didn't find that to be true. Other thoughts?

@droa6
Copy link

@droa6 droa6 commented Sep 8, 2016

Awesome, this solved my issue posting to the Wordpress rest API.
Like @koenhoeijmakers mentioned, the HTTP_AUTHORIZATION rule had to become before all other rules.

@eladm92
Copy link

@eladm92 eladm92 commented Oct 2, 2016

Had the same issue and the .htaccess solutions did not work for me.
My issue was that apache on CGI tend to change the request headers from 'header' to 'redirect_header'. I've added this to json_basic_auth_handler function

if(isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6))); }

And it solved my issue

@magadanskiuchen
Copy link

@magadanskiuchen magadanskiuchen commented Dec 29, 2016

+1 on this

I'm having a similar issue but instead of trying to insert posts I'm simply trying to do a search (which also for some reason requires authentication): /wp-json/wp/v2/posts/?filter[s]=lorem

@monsif
Copy link

@monsif monsif commented Dec 30, 2016

Nothing of these worked for me, i finally added this wonderful plugin that solved all my problems 👍
https://github.com/Tmeister/wp-api-jwt-auth

@wadechandler
Copy link

@wadechandler wadechandler commented Jan 3, 2017

+1, having the same issue, hosted at GoDaddy on a Linux account. I'm just now trying to investigate, but hoping others trials prove helpful.

@wadechandler
Copy link

@wadechandler wadechandler commented Jan 3, 2017

I can confirm that koenhoeijmakers .htaccess comment worked for me.

@pie6k
Copy link

@pie6k pie6k commented Jan 9, 2017

As WordPress themes developer, I'm not able to force my clients to change their .htaccess file so supplied solution does not apply in my case.

@Harshadraval
Copy link

@Harshadraval Harshadraval commented Feb 11, 2017

its solve that .. for me you can only add a line in .htaccess file is "SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1" . only add line number 4

BEGIN WordPress

RewriteEngine On RewriteBase /demo/goambee/ RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /demo/goambee/index.php [L]

to

BEGIN WordPress

RewriteEngine On RewriteBase /demo/goambee/ RewriteRule ^index\.php$ - [L] SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /demo/goambee/index.php [L]
@sban90
Copy link

@sban90 sban90 commented Feb 20, 2017

I have tried to recommended fixes in this thread with no luck

.htaccess:
# BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule># END WordPress

and added these lines to basic-auth.php:
if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6))); }

any other recommendations as to why this is not working? host is running on php 5.6 with fastCGI. Local runs fine but that is on php 7.0 with no CGI

@UZfxLfgsRBLVM
Copy link

@UZfxLfgsRBLVM UZfxLfgsRBLVM commented Feb 22, 2017

I too had this problem, and the only thing that worked for me was this plugin: https://github.com/WP-API/Basic-Auth/blob/master/basic-auth.php

Though, it is a shame that this plugin, or any plugin for that matter, is necessary to address this issue. This should be in the core.

@phantomlution
Copy link

@phantomlution phantomlution commented Aug 22, 2018

I find a solution. It seems that the auth plugin is not installed properly.
You can download zip -> https://github.com/WP-API/Basic-Auth.git
and then install it. It works for me.
Related to this issue: WP-API/WP-API#3002

@zearg
Copy link

@zearg zearg commented Oct 4, 2018

I didn't need any .htaccess modifications.
Just read this : https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/
I forgot to use an "X-WP-Nonce" in wp-json query request headers.

An example code :

In PHP :

wp_enqueue_script( 'test, plugin_dir_url( __FILE__ ) . 'js/test.js', array(), $this->version, false );
wp_localize_script( 'test, 'wpApiSettings', array(
	'root' => esc_url_raw( rest_url() ),
	'nonce' => wp_create_nonce( 'wp_rest' )
));

In JS :

		$.ajax( {
			url: wpApiSettings.root + 'wp/v2/users/me',
			method: 'POST',
			beforeSend: function ( xhr ) {
				xhr.setRequestHeader( 'X-WP-Nonce', wpApiSettings.nonce );
			},
			data:{
				'title' : 'Hello Moon'
			}
		} ).done( function ( response ) {
			console.log( response );
		} );

In this example, you can't request directly the WP API in URL.
You have to do this with nonce request headers and auth cookies, in JS on a page or with curl in PHP Code (don't forget auth cookies !)

Hope that'll help

@huynhnhathoangit
Copy link

@huynhnhathoangit huynhnhathoangit commented Oct 19, 2018

Hey guys, after some time i finally found the fix (at least for me), It was a .htaccess issue.

The original .htaccess looked like this:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

I changed it to the following

<IfModule mod_rewrite.c>
RewriteEngine On

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteBase /
RewriteRule ^index\.php$ - [L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

The HTTP_AUTHORIZATION rule has to come before the other rules, this is because the L flag exists, the L flag means (last - stop processing rules), because of this it would never come to that rule if it was after the original wordpress rules,

Hope this helps anyone else!

Must login to thank you! it works for me!!!

image

@megin1989
Copy link

@megin1989 megin1989 commented Dec 28, 2018

Hello guys, this problem occurs in Nginx. Does anyone know how to solve it on Nginx server ? Please help me.

@MatzeKitt
Copy link

@MatzeKitt MatzeKitt commented Feb 7, 2019

I always had the same problem using a local MAMP. While looking for the issue I could find out that if you use SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1, you receive the token in $_SERVER['HTTP_AUTHORIZATION'] or $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], which are ignored by the Basic-Auth plugin.

To fix this, I added the following inside the json_basic_auth_handler (before verifying that $user is empty, currently line 16):

		// get authorization header
		// needs .htaccess adjustments:
		// SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
		if ( isset( $_SERVER['HTTP_AUTHORIZATION'] ) ) {
			$authorization = \sanitize_text_field( \wp_unslash( $_SERVER['HTTP_AUTHORIZATION'] ) );
		}
		else if ( isset( $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] ) ) {
			$authorization = \sanitize_text_field( \wp_unslash( $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] ) );
		}
		
		if ( ! empty( $authorization ) ) {
			// phpcs:disable WordPress.VIP.ValidatedSanitizedInput.MissingUnslash, WordPress.VIP.ValidatedSanitizedInput.InputNotSanitized, WordPress.VIP.ValidatedSanitizedInput.InputNotValidated
			list( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) = explode( ':', base64_decode( substr( $authorization, 6 ) ) );
			// phpcs:enable
		}

This way I decode username and password, split it by the : and add it as $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'], which are then processed by the plugin.

@lanbau
Copy link

@lanbau lanbau commented Feb 22, 2019

Hey guys,

I had the same 401 problem and used the .htaccess rewrite solution above.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

I fixed my issue as i found out that this does not work with WordPress sites with 2 factor authentication plugin enabled.

After disabling the plugin, everything works as expected!

I also observed that upgrading WordPress versions, the modified htaccess is updated by WordPress core which causes this plugin to fail again.

Hope there is a native fix in future.

Spec

  • Wordpress version: 5.1
  • Non SSL website
@Praful
Copy link

@Praful Praful commented Mar 7, 2019

I've been going around in circles chasing this issue for a WordPress instance hosted by 1&1. I couldn't figure out why this was working on my local docker WordPress instance but not on the hosted site. It turns out that the official WordPress docker instance uses the Apache 2 handler and the hosted site uses CGI/FastCGI for the server API.

If you want to know which you're using, create a file (say info.php) with this:

<?php
phpinfo();  
var_dump(apache_request_headers());
?>

Only the first phpinfo() call is required. The second line dumps the Apache headers for further diagnostics.

This is the solution that worked for me. This solution is slightly different from the updated readme associated with this issue which is different from the readme on the homepage of this repository.

  1. Use the updated basic-auth.php file. The updated version is not in the downloaded ZIP file (Basic-Auth-master.zip). You have to clone the repository.

  2. Change the .htaccess file to include:

# BEGIN WordPress
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
</IfModule>
  1. To stop WordPress permalinks overwriting this change, include the following in your theme's function.php:
add_filter('flush_rewrite_rules_hard','__return_false');
@NeekunjC2C
Copy link

@NeekunjC2C NeekunjC2C commented Mar 14, 2019

I have tried all the suggestion provided including the above latest one by @Praful , Please suggest, any help will be highly appreciated.

@jcsuzanne
Copy link

@jcsuzanne jcsuzanne commented Mar 17, 2019

I've been going around in circles chasing this issue for a WordPress instance hosted by 1&1. I couldn't figure out why this was working on my local docker WordPress instance but not on the hosted site. It turns out that the official WordPress docker instance uses the Apache 2 handler and the hosted site uses CGI/FastCGI for the server API.

If you want to know which you're using, create a file (say info.php) with this:

<?php
phpinfo();  
var_dump(apache_request_headers());
?>

Only the first phpinfo() call is required. The second line dumps the Apache headers for further diagnostics.

This is the solution that worked for me. This solution is slightly different from the updated readme associated with this issue which is different from the readme on the homepage of this repository.

  1. Use the updated basic-auth.php file. The updated version is not in the downloaded ZIP file (Basic-Auth-master.zip). You have to clone the repository.
  2. Change the .htaccess file to include:
# BEGIN WordPress
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
</IfModule>
  1. To stop WordPress permalinks overwriting this change, include the following in your theme's function.php:
add_filter('flush_rewrite_rules_hard','__return_false');

Thanks a lot, this solution did the job for me on a Wordpress instance shared on 1&1 (ionos) too.

Just to be a litte more accurate about the modifications to do in the basic-auth.php file.
You just need to follow the updated code referenced here #35 (comment)

@Praful
Copy link

@Praful Praful commented Mar 17, 2019

@jcsuzanne - that's good to hear :)

I didn't patch anything myself (in step 1 above). I used the basic-auth.php file transferred when you clone the repository using the usual command, which for those who don't know is:

git clone https://github.com/WP-API/Basic-Auth.git

To expand step 1:

1a. I downloaded basic-auth-master.zip from the repository.
1b. Installed this ZIP as a plugin to WordPress.
1c. When 1b didn't work, I cloned the repository to my PC using the above git clone command.
1d. Copied the basic-auth.php file to WordPress, replacing the one from the ZIP file.

I know you've got it working but the above may save someone manually patching the file.

Praful

@caseyryan
Copy link

@caseyryan caseyryan commented Jun 4, 2019

I'd also tried all of the solutions and none worked. Then I started looking for the place where my "not_logged_in" message came from and found out it was one of installed plugins. To be more specific it was a plugin called Members. I used it to restrics site access to some user Roles. That's what was restricting the API access too. For those who also can't solve this problem, this info might be useful

@valerio-bozzolan
Copy link

@valerio-bozzolan valerio-bozzolan commented Jun 9, 2019

Small note: as you know you may need to restart your webserver after this change but, in addition, I had also to log-out and log-in again.

@MichaelSmi
Copy link

@MichaelSmi MichaelSmi commented Jul 5, 2019

Small note for Plesk Users: You have to add SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 to your custom apache conf.
Settings link as of Plesk 18.* is: https://domain.tld:8443/smb/web/web-server-settings/id/#

@DarthTicius
Copy link

@DarthTicius DarthTicius commented Nov 5, 2019

<IfModule mod_rewrite.c>
RewriteEngine On

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Can confirm that placing just after the RW rule the line:

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

in the .htaccess did the trick for me.
comment in question: (koenhoeijmakers .htaccess comment)

@gojetk
Copy link

@gojetk gojetk commented Nov 6, 2019

This works, thank you

@Pezhvak
Copy link

@Pezhvak Pezhvak commented Nov 28, 2019

<IfModule mod_rewrite.c>
RewriteEngine On

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Can confirm that placing just after the RW rule the line:

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

in the .htaccess did the trick for me.
comment in question: (koenhoeijmakers .htaccess comment)

while this works, but it got replaced on the latest woocommerce update. this is not a permanent fix.

@ryandavis84
Copy link

@ryandavis84 ryandavis84 commented Apr 14, 2020

Any updates on this for nginx?

@MatzeKitt
Copy link

@MatzeKitt MatzeKitt commented Apr 15, 2020

I use this configuration in the fastcgi_params:

	fastcgi_param   PHP_AUTH_USER           $remote_user;
	fastcgi_param   PHP_AUTH_PW             $http_authorization;

And these modifications: #35 (comment)

@youry509
Copy link

@youry509 youry509 commented Jun 3, 2020

None of these solution worked for me.
Im using woordpress 5.4 on google cloud.
Bitnami and Automaticc Certified.
Cant get help from wordpress nor bitnami.
Anyone in the same boat as me?

@cdove99
Copy link

@cdove99 cdove99 commented Jun 4, 2020

None of these solution worked for me.
Im using woordpress 5.4 on google cloud.
Bitnami and Automaticc Certified.
Cant get help from wordpress nor bitnami.
Anyone in the same boat as me?

if you're using bitnami you need to update
/opt/bitnami/apps/wordpress/conf/http_app.conf instead of .htaccess.
i was having this issue and couldn't find any solution. until i found out that bitnami doesn't use .htacces by default.

@youry509
Copy link

@youry509 youry509 commented Aug 5, 2020

For those still looking for a solution. I changed the version of my php from 7.4 to 7.2 and its now working for me. (back up your site before you do this). I also installed ioncube loader extension on my 7.2 version of php too, i don't know if that changed anything. Tell me if that worked for you.

@EmXaN
Copy link

@EmXaN EmXaN commented Sep 13, 2020

Nothing above worked. So here is a permanent solution to fix this issue. Just paste the following code/rule right above (i.e. before) the # BEGIN Wordpress in the .htaccess file:

RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]

Example:
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Logout from the Wordpress Admin and re-login. It won't remove this rule from the .htaccess despite any Wordpress updates.

@suneth2
Copy link

@suneth2 suneth2 commented Oct 16, 2020

finally 2-3 hours effort seems worked, hope this will help someone to solve their issue

on .htaccess


<IfModule mod_rewrite.c>
RewriteEngine On

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

On theme function.php file


add_filter('woocommerce_rest_check_permissions', 'my_woocommerce_rest_check_permissions', 90, 4);

function my_woocommerce_rest_check_permissions($permission, $context, $object_id, $post_type) {
	
    if($_SERVER['PHP_AUTH_USER'] == 'ck_consumer_key_here' && $_SERVER['PHP_AUTH_PW'] == 'cs_consumer_secrect_key_here') {
		return true;
    }

    return $permission;
}

@apple-avadhesh
Copy link

@apple-avadhesh apple-avadhesh commented Mar 8, 2021

None of these solution worked for me.
Im using woordpress 5.4 on google cloud.
Bitnami and Automaticc Certified.
Cant get help from wordpress nor bitnami.
Anyone in the same boat as me?

if you're using bitnami you need to update
/opt/bitnami/apps/wordpress/conf/http_app.conf instead of .htaccess.
i was having this issue and couldn't find any solution. until i found out that bitnami doesn't use .htacces by default.

It says 'unwritable' when I tried to run the command 'nano /opt/bitnami/apps/wordpress/htdocs/.htaccess' tried setting permission too 'chmod 777' but it didn't work. What am I doing wrong here?? :(

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet