In wp-json-server.php, line 98, method check_authentication: you create a hook that allows custom authentication; however, you do not allow for a fail-safe from that hook. The method only checks to see if a successful login is returned. If not, it goes on to check the basic authentication. I don’t know if I’m off here, but if some felt that basic authentication was unsafe and did not want it to be available at all, they cannot currently prevent access attempts of this nature. Failure of login only allows for a test of basic auth. You may want to consider checking for null or some other fail value to return false and discontinue execution of the remainder of the method.
- The topic ‘Authentication hacks’ is closed to new replies.
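
The fall-through described in the post, beside the fail-safe it suggests, as an added example that is not part of the original post and is not the plugin's code. Every function name, the hook's return convention (user name string, null, or false) and the sample credentials are assumptions constructed for illustration.

```php
<?php
// Added illustration; all names are hypothetical, not taken from wp-json-server.php.

/** Constructed stand-in for a basic-auth check: accepts one hard-coded pair. */
function try_basic_auth(array $request): ?string {
    $ok = ($request['user'] ?? null) === 'alice'
        && hash_equals('correct-horse', (string) ($request['pass'] ?? ''));
    return $ok ? 'alice' : null;
}

/** Pattern described in the post: only a successful hook result is honoured. */
function check_auth_fallthrough(array $request, callable $hook): ?string {
    $user = $hook($request);
    if (is_string($user)) {
        return $user;
    }
    // Reached both when the hook abstained and when it explicitly denied.
    return try_basic_auth($request);
}

/** Fail-safe variant: null means "no opinion", false means "deny and stop". */
function check_auth_failsafe(array $request, callable $hook): ?string {
    $user = $hook($request);
    if ($user === false) {
        return null; // hook vetoed the request; basic auth is never tried
    }
    if (is_string($user)) {
        return $user;
    }
    return try_basic_auth($request); // only when the hook abstained (null)
}

// Constructed hook for a site that wants token auth only:
// a valid token yields a user, anything else is a hard denial.
$token_only = function (array $request) {
    $token = (string) ($request['token'] ?? '');
    return hash_equals('sample-token', $token) ? 'bob' : false;
};

// Constructed request carrying basic credentials and no token.
$request = ['user' => 'alice', 'pass' => 'correct-horse'];

// The hook denies this request; compare how each variant treats the basic credentials.
var_dump(check_auth_fallthrough($request, $token_only));
var_dump(check_auth_failsafe($request, $token_only));
```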