• Resolved Jon

    (@jonhopstra)


    Dear support, I have seen that the REST API has been turned on since version 14.x, I think. I do not mind it, but I have had so many discussions about the security of this feature that I might not do that again.

    See this:
    https://secure.wphackedhelp.com/blog/wordpress-rest-api-vulnerability-content-injection/

    August this year. This means anyone can now edit the posts of sites that do not update the WP version. I saw a lot of users still not updating to 5.5 for the reason that they do not like Gutenberg and think this is the only solution.

    (I think Gutenberg is great even though I prefer HTML, but that is just me. Yes, I do think once front-page editing in Gutenberg is done right it will be great; the negative reviews are because it was launched the wrong way marketing-wise… but anyhow…)

    And now all the security admins for WP can say that exposing usernames or IDs is not an issue and that passwords are enough; I have to respectfully disagree.

    I build my own WP installer and it has a field for [User] of the site named -> Author and a new field for Login. Why?

    Because I do not want to expose my authors in the URL even if Yoast SEO redirects them to the Homepage when archives are turned off.

    It can still be found in the author URL. And I have seen some even add their email as login on a new site; that is because beginners cannot find any good info on what to do when installing (e.g. not to use emails as usernames).

    So in my own opinion there should be a new field named [Login name] and a new field named [Author], just as my own WordPress builder does for me, and I do not have to edit the MySQL display user.

    I know they will not change it because I have read so many times that they think the user ID is not a security issue. I can find many blogs about it saying that it ‘could’ be an issue and someone could write a script and hammer any WP site’s author URLs until a DoS has happened.

    But I do agree that the password should always be secure, I just do not agree that Login should be the same name as Author.

    (4 lines of code was all I needed to make these simple changes)

    For the rest I LOVE WP and keep working and building my own apps for it… But I have 1 thing to ask Yoast.

    My question:

    What is the need for the REST API for 90% of WP users?

    Yes, for me to program it is a great idea but what happens to Yoast SEO plugin when wp-json has been removed from head?

    Does this then still work and receive JSON calls?

    And is Yoast SEMrush or any integration in the future using this REST API inside Yoast?

    I love the integration. I also think the plugin is still the best out there, and I do not say this because I am Dutch. I just think Yoast SEO is great, but I would like more help or info on why the REST API endpoint is needed.

    And if we remove these tags from <head>, like wp generator or Live Writer support or short links or emoji support etc., it just makes my code smaller, that’s all.

    But if these tags are gone from head and Yoast SEO still has the REST API on, will that still work, or should the json and other WP tags be back in head to have effect?

    I just checked hxxps://yoast.com/wp-json and yes, he has it active. If he has it active it must be safe, right? I mean Yoast knows a lot about WP and also, I think, about security. But again, I think for old sites it does expose a security issue, so I think it is best to turn it off for me now.

    But yeah. What is the use of the REST API in Yoast, as the latest version seems to give errors in Health Check when some things are not on or in the head by default?

    And if there is no other use than for developers or maybe MainWP or any remote service, is it okay to turn it off, or will this have an effect on WP in general?

    Does WP really need REST API in head for Gutenberg as well?

    Looking forward to your advice.

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support Michael Tiña

    (@mikes41720)

    Hi @jonhopstra

    In Yoast SEO 14.0, we introduced a REST API endpoint that’ll give you all the metadata you need for a specific URL. This will make it very easy for headless WordPress sites to use Yoast SEO for all their SEO meta output.

    There are two ways of using this: through its inclusion in the normal WP REST API responses and through our own endpoint.

    You can review our REST API documentation here — https://developer.yoast.com/customization/apis/rest-api/

    You can easily disable this API by going to SEO > General > Features and disabling the feature toggle.

    The Yoast SEO plugin should still continue to work even with the REST API disabled; however, other procedures still rely on it within WordPress core, so you may want to review this accordingly.
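
A worked example, added here and not code posted by either participant or shipped by Yoast or WordPress core: a must-use plugin (assumed to live in wp-content/mu-plugins/) that removes the <head> tags the question lists without disabling the REST API that core and Gutenberg rely on, and hides the /wp/v2/users routes from unauthenticated REST requests to address the username/ID exposure concern raised above.

```php
<?php
/**
 * Constructed example (not Yoast's or WordPress core's code, and not code
 * posted in this thread). Assumed location: wp-content/mu-plugins/trim-head.php
 *
 * Goal: keep the REST API enabled (core and the block editor call /wp-json/),
 * but stop advertising it in the HTML and stop anonymous user enumeration.
 */

// 1. Remove discovery tags from <head>. Only the advertisement is dropped;
//    the endpoints themselves keep working for Gutenberg and core.
add_action( 'init', function () {
    remove_action( 'wp_head', 'wp_generator' );                          // <meta name="generator">
    remove_action( 'wp_head', 'wlwmanifest_link' );                      // Windows Live Writer manifest
    remove_action( 'wp_head', 'wp_shortlink_wp_head', 10 );              // <link rel="shortlink">
    remove_action( 'wp_head', 'rest_output_link_wp_head', 10 );          // <link rel="https://api.w.org/">
    remove_action( 'template_redirect', 'rest_output_link_header', 11 ); // HTTP Link: header variant
    remove_action( 'wp_head', 'print_emoji_detection_script', 7 );       // emoji support script
    remove_action( 'wp_print_styles', 'print_emoji_styles' );            // emoji support styles
} );

// 2. Hide the users collection and single-user routes from anonymous REST
//    requests. Logged-in users (editors, the block editor's author dropdown)
//    still see the routes, so the admin side is unaffected.
add_filter( 'rest_endpoints', function ( array $endpoints ) {
    if ( is_user_logged_in() ) {
        return $endpoints;
    }
    foreach ( array_keys( $endpoints ) as $route ) {
        // Matches /wp/v2/users and /wp/v2/users/(?P<id>[\d]+)
        if ( 0 === strpos( $route, '/wp/v2/users' ) ) {
            unset( $endpoints[ $route ] );
        }
    }
    return $endpoints;
} );
```

After installing, an anonymous request to /wp-json/wp/v2/users returns a rest_no_route error while /wp-json/wp/v2/posts and the Yoast endpoint keep responding, which is what Site Health and the block editor need.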

    Thread Starter Jon

    (@jonhopstra)

    @mikes41720 Thank you for your excellent and helpful reply!

    And sorry for my rant about the security, but if you say we should not really worry and this data is already available on the public site (except maybe user IDs), then OK, all is good.

    As I am studying how CLI works and what benefits it might have for me as a PHP programmer, I think I will stay with the API developed by Yoast and leave wp-json and other protocols removed from <head>.

    (Also, I was working on a test site to debug why older versions of Firefox cannot load the Yoast optimizations (my other post), and for that I needed to study CLI to better create a help/issue topic on GitHub, but it will take some time as this is new to me.)

    Thanks again and also thanks for making this great plugin, the best!

    Regards.

  • The topic ‘Is REST API needed for Yoast to function’ is closed to new replies.