Saturday, October 15, 2022

REST API – Is my WordPress site handing out sensitive info/misconfigured?


The /?rest_route URL is the non-prettified version of /wp-json, which is the URI the WordPress REST API uses.

The REST API should not be disabled, because the Admin UI depends on it. That said, you can require that the REST API serve only authenticated users. To require authentication, add the following rest_authentication_errors filter:

add_filter( 'rest_authentication_errors', function( $result ) {
    // If a previous authentication check was applied,
    // pass that result along without modification.
    if ( true === $result || is_wp_error( $result ) ) {
        return $result;
    }

    // No authentication has been performed yet.
    // Return an error if the user is not logged in.
    if ( ! is_user_logged_in() ) {
        return new WP_Error(
            'rest_not_logged_in',
            __( 'You are not currently logged in.' ),
            array( 'status' => 401 )
        );
    }

    // Our custom authentication check should have no effect
    // on logged-in requests.
    return $result;
});

I added it to my /wp-includes/rest-api.php file as part of the rest_api_default_filters() function definition. Obviously, this will be overwritten as soon as a new version of WordPress is released, so this is only a temporary measure. When I visit my site via the REST API URL above, without being authenticated, I see the following:

enter image description here
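
A check for the result described above, added here as an example and not part of the original post: it requests the same REST route through both URL forms without credentials and reports whether each one returns the filter's 401 rest_not_logged_in error. The function names, the example.test host and the sample responses are constructed for illustration.

```python
import json
from urllib import error, request


def http_fetch(url, timeout=10):
    """Unauthenticated GET (no cookies, no auth header) -> (status, body)."""
    try:
        with request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except error.HTTPError as exc:  # 4xx/5xx responses still carry a body
        return exc.code, exc.read().decode("utf-8", "replace")


def classify(status, body):
    """'locked' = the filter's 401, 'open' = JSON served, else 'unknown'."""
    try:
        data = json.loads(body)
    except ValueError:
        return "unknown"  # HTML error page, proxy block, etc.
    if status == 401 and isinstance(data, dict) and data.get("code") == "rest_not_logged_in":
        return "locked"
    return "open" if status == 200 else "unknown"


def audit(base_url, route="/", fetch=http_fetch):
    """Check the same REST route through both URL forms."""
    base = base_url.rstrip("/")
    urls = (base + "/wp-json" + route, base + "/?rest_route=" + route)
    return {url: classify(*fetch(url)) for url in urls}


# Constructed responses: a site where only the pretty URL is blocked upstream,
# so the query-string form still serves the API index to anonymous visitors.
SAMPLE = {
    "https://example.test/wp-json/": (403, "<html>Forbidden</html>"),
    "https://example.test/?rest_route=/": (200, '{"name": "Example", "namespaces": ["wp/v2"]}'),
}

if __name__ == "__main__":
    for url, verdict in audit("https://example.test", fetch=SAMPLE.__getitem__).items():
        print(verdict, url)
```

With the filter active, both URL forms should report locked for an anonymous request; any open result means that form still answers without authentication.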
