[Plugin: JSON API] Security Issues and Stolen Information?

Can anyone who knows I’m using WordPress and potentially the JSON plugin now take my database’s content and even potentially use it themselves once stealing?

I would say the answer is yes. By using this JSON API you basically set up a public web service. Anyone who knows the base URL of your JSON API can query your database. The only way I can think of to secure a webservice is to set a long and difficult to guess URL (Dashboard > Settings > JSON API > API Base). E.g: http://www.yourdomain.com/hdjjriu34984764jjfdjkjdhhsjhdg879348.

By having a website on the web, you’re also in danger of someone scraping you – it’s not as structured, but is being done on a regular basis every day. So really, it’s the same thing, you’re just making the data a little more available. I’d say for those who steal content, it’s easier to just scrape than use this API that you may or may not provide.

Anything you publish on the web is open and public unless you password protect it. That’s the bottom line.

It would be interesting, however, to use oAuth to secure data. It’s a bit of work but I can’t think of any reason it wouldn’t be doable.

You do make a good point there, though I think you’re situation is unique as the plugin only exposes what most themes do anyway which is why it probably doesn’t bother with any authorization.

If it is necessary to hide certain data you could always hack to core controller to hide it.