Hi, thank you for reporting this.
I have submitted a message to the developers to investigate further these findings.
Thank you
pls update the plugin
I use All in one Security and I have a lot of errors Accessing author info via REST API is forbidden
Hi @mizfa,
As a temporary workaround please uncheck the “Disable Users Enumeration” feature for now.
I wanted to know if there is an update on this.I somehow missed this and only discovered the mess after visiting my Google Console.
I too would like to know if there is a fix for this. I’ve turned off “Disable Users Enumeration” as temporary fix.
Hi,
No I haven’t had a chance to look at this yet because there were other fixes and improvements I had to do for the last release.
I will try and fix this for the next release.
Just to confirm – can you please provide an example of a URL scenario which is being incorrectly blocked by this feature?
An example connection would be this.
curl –header “Authorization: Basic xxxxxxxxxxx” https://mydomain.com/wp-json/wp/v2/users
Ok thanks.
I will implement some code which, when that feature is enabled, will only allow requests to the REST API which have been successfully authenticated.
@wpsolutions Any progress on this?
-
This reply was modified 5 years, 11 months ago by Wasca.
Yes. Please contact me (see my profile) and you can verify the fix I have implemented.
@wpsolutions Email sent from your website.
Hi @wasca,
Please let me know if the new improved solution works for you.
As stated in my email I have tested this myself and it works well but it would be good to get your independent verification.
Hello @wpsolutions – I encountered this issue today with a basic blog URL (not user-related) but it was zipped by twitter. Has this fix been released to the latest plugin version? If not, is there a fix I can implement as well?
Hi @funnychord,
The solution has been successfully implemented and verified and you should see it in the next release which is coming within the next day or two.