WordPress REST API Authentication


The WordPress REST API Authentication plugin protects your WordPress site from unauthorized access by verifying authentication credentials on API requests. This plugin doesn’t require much configuration.

There are multiple ways to secure REST APIs, e.g. basic auth, OAuth, JWT etc., but one thing is certain: RESTful APIs should be stateless, so request authentication/authorization should not depend on cookies or sessions. Instead, each API request should come with some sort of authentication credentials, which must be validated on the server for each and every request.

REST API Authentication Methods:
* Basic Authentication
  1. Using Username & Password
  2. Using Client-ID & Client-Secret
* API Key Authentication (authentication with a randomly generated key)
* JWT Authentication / JSON Web Tokens Authentication
* OAuth 2.0 Authentication
  1. Client Credentials
  2. Password grant
* API Authentication for Third Party Provider (using Introspection Endpoint / User Info Endpoint)

* Supports Basic Auth (Basic Authentication), API Key, OAuth 2.0 and JWT Authentication methods
* Validates the signature of JSON Web Tokens (JWT)
* Allows access to all types of posts/pages based on the user’s WordPress Role & Capability
* Allows you to authenticate your WordPress site / REST API with a token (access token / JWT token) provided by your OAuth Provider (Third Party Provider)
* Supports WooCommerce API Authentication


This plugin does store any user data.


  • List of API Authentication Methods
  • List of Protected WP REST APIs
  • Advanced Settings
  • Custom API Integration


This section describes how to install the WordPress REST API Authentication plugin and get it working.

From your WordPress dashboard

  1. Visit Plugins > Add New
  2. Search for REST API Authentication. Find and install the API authentication plugin by miniOrange
  3. Activate the plugin

From WordPress.org

  1. Download WordPress REST API Authentication.
  2. Unzip and upload the wp-rest-api-authentication directory to your /wp-content/plugins/ directory.
  3. Activate WordPress REST API Authentication from your Plugins page.


What is the use of API Authentication

REST API authentication prevents unauthorized access to your WordPress APIs.
It reduces potential attack vectors.

How does this plugin work?

You just have to select your Authentication Method.
Based on the method you have selected you will get the authorization code/token after sending the token request.
Access your REST API with the code/token you received in the previous step.

How to access draft posts?

You can access draft posts using the Basic Auth and OAuth 2.0 (using Username:Password) methods. Pages/posts need to be requested with their status. The default status used in a request is ‘Publish’, and any user can access published posts.
To access pages/posts stored as drafts, you need to append ?status=draft to the page/post request.
For example:
Use the URL formats below when sending a request to access different types of posts
1. Access draft posts only
2. Access all type of posts
You just have to change the status (draft, pending, any, publish) as per your requirement. You do not have to pass the status parameter to access published posts.
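The request described above, as an added example that is not part of the plugin or its documentation: it builds (without sending) a stateless Basic Auth request for /wp/v2/posts with an optional status, and refuses plain HTTP because Basic credentials are only base64-encoded. The site https://wp.example, the user name and the password are constructed placeholders, and the /wp-json/ route prefix is assumed to be the WordPress default.

```python
import base64
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

# Status values named in the FAQ answer above.
ALLOWED_STATUSES = {"draft", "pending", "any", "publish"}


def basic_auth_header(username: str, password: str) -> str:
    """RFC 7617 Basic credentials: base64 of 'username:password'."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def build_posts_request(site, username, password, status=None):
    """Build (not send) a stateless GET for /wp/v2/posts."""
    # Basic credentials are encoded, not encrypted, so require TLS.
    scheme = urlsplit(site).scheme
    if scheme != "https":
        raise ValueError("refusing to send Basic credentials over " + repr(scheme))
    # Assumption: the site uses the default /wp-json/ REST route prefix.
    url = site.rstrip("/") + "/wp-json/wp/v2/posts"
    if status is not None:
        if status not in ALLOWED_STATUSES:
            raise ValueError("unsupported status: " + repr(status))
        url += "?" + urlencode({"status": status})
    req = Request(url, method="GET")
    # The credential travels in this request's own header;
    # no cookie or session is set or reused.
    req.add_header("Authorization", basic_auth_header(username, password))
    return req


if __name__ == "__main__":
    # Constructed sample values; https://wp.example is a placeholder site.
    req = build_posts_request("https://wp.example", "editor", "app-secret", "draft")
    print(req.full_url)
    print(req.get_header("Authorization"))
```

Passing the returned object to `urllib.request.urlopen` sends it; omitting `status` requests published posts only.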

I am not able to access some APIs?

The following WP REST APIs are protected and allow authorized access in the free plugin:
1. /wp/v2/posts
2. /wp/v2/comments
3. /wp/v2/media
We have allowed authorized access to other WP REST APIs in premium versions.


April 13, 2020
I had a problem buying and then installing the plugin, and everything helped me immediately, thanks
January 9, 2020
I had faced a few critical issues related to RESTful services and documentation was of no use since it does not have a great set of resources describing all the scenarios. However, when I reached out to the support team, they were super excited and sounded very technical in helping us to resolve our issues. We constantly had back to back conversations for 4 days and each and every conversation went smooth, professional and smarter. Kudos to Support 🙂
January 6, 2020
I was contacted by a support staff when I deactivated the free version. He was very thorough in asking my requirements and explaining their features to me. I reactivated the free version after knowing more about the features. Even for a free version user, the support is very responsive. I eventually upgraded to the premium version because I need more advanced features. The support staff answered my questions enthusiastically and promptly. I was very impressed with their support.
November 13, 2019
Downloaded this plugin to secure the REST API on my website. There are challenges as the WordPress instance I am working on is running on NGINX. Many solutions out there are Apache-based and do not provide any lead to the issue faced by me. Managed to send a message via the plugin message box. Within minutes I got a reply from the support personnel and got the issue solved. Great plugin and superb support by the team. Thanks a tonne!
October 24, 2019
At first I did not get any responses from the WordPress API because of incorrect/missing credentials. I sent them a message and within an hour I was having a web call with one of their developers. He was really persistent and helped out great. We found out that the firewall service that I was using did not send through the API token that you need to authenticate. He then made a custom fix to the plugin to make it work for my specific situation. Seriously never had this great experience with a free plugin. Thanks a lot!
October 17, 2019
I almost gave up trying this plugin because the API authentication didn't work. Then, during the deactivation of the plugin, there was a feedback popup asking why I was trying to deactivate the plugin. I sent my feedback and was not expecting anything. But then a few minutes later, I got a reply from the developer to help me solve the issue with the plugin. After a few emails exchanged, we found out that I needed to put some Authorization code in my WordPress .htaccess file. Then the API authentication started to work! I really appreciated the developer taking his time to communicate with me. If he hadn't done that, I might not be using this awesome plugin. Can you see my smiling face? 🙂 How happy I am because this plugin works perfectly. I'm integrating my WordPress with my custom app and it works very well. Everything is awesome! Kudos to the developer for the awesome plugin and superb support. Keep it up!

Contributors & Developers

“WordPress REST API Authentication” is open source software. The following people have contributed to this plugin.




  • Minor Bugfix


  • Minor Bugfix


  • Minor Bugfix


  • Minor Fixes


  • Added UI Changes
  • Updated plugin licensing
  • Added New features
  • Added compatibility for WP 5.3 & PHP7.4
  • Minor UI & feature fixes


  • Added fixes for undefined getallheaders()


  • Added UI changes for Signing Algorithms and Role Based Access
  • Added Signature Validation
  • Minor fixes


  • Added JWT Authentication
  • Fixed role based access to REST APIs
  • Fixed common class conflicts


  • Fixes to Create, Posts, Update Publish Posts


  • Updated UI and features
  • Added compatibility for WordPress version 5.2.2
  • Added support for accessing draft posts as per User’s WordPress Role Capability
  • Allowed Logged In Users to access posts through /wp-admin Dashboard


  • Added Bug fixes


  • Updated UI and features
  • Added compatibility for WordPress version 5.2.2