Title: Rest Api ?
Last modified: December 3, 2019

---

# Rest Api ?

 *  [tmccaff](https://wordpress.org/support/users/tmccaff/)
 * (@tmccaff)
 * [6 years, 5 months ago](https://wordpress.org/support/topic/rest-api-75/)
 * I am scanning my site for PCI compliance and get this error:
 * WordPress REST API User Enumeration Vulnerability
 * Customers can additionally configure authentication requirement for all REST-API
   requests.
 * How is the auth requirement done? What file do I edit?
 * Thank you

Viewing 1 replies (of 1 total)

 *  Moderator [bcworkz](https://wordpress.org/support/users/bcworkz/)
 * (@bcworkz)
 * [6 years, 5 months ago](https://wordpress.org/support/topic/rest-api-75/#post-12199027)
 * It depends on the chosen auth method. The default is via cookies, but can be 
   accomplished by other means via a plugin.
    [https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/](https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/)
 * While I know what a user enumeration vuln is, I don’t understand “can additionally
   configure authentication requirement.”
 * The ability to discover usernames being a vuln is somewhat of a controversy. 
   It is true one can get usernames from the default API. It’s also easily prevented
   through the ‘rest_prepare_user’ filter. The filter callback simply unsets any
   data you don’t want getting out.
 * You wouldn’t be editing any WP files directly. That is never done. Everything
   is managed through filter and action hooks.
    [https://developer.wordpress.org/plugins/hooks/](https://developer.wordpress.org/plugins/hooks/)
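
The `rest_prepare_user` callback described in the reply above could look like the following. This is an added example, not code from the thread or from WordPress itself; the plugin name, function name, constant, and the choice of which fields to hide are assumptions.

```php
<?php
/**
 * Plugin Name: REST User Field Filter (example)
 * Description: Added example. Removes username-revealing fields from
 *              REST API user responses for unprivileged requests.
 */

// Fields to drop (an assumption for this example). 'slug' is the user
// nicename, which by default is derived from the login name, and 'link'
// is the author archive URL, which contains that same nicename.
const EXAMPLE_HIDDEN_USER_FIELDS = array( 'slug', 'link' );

/**
 * Filter callback for 'rest_prepare_user'.
 *
 * @param WP_REST_Response $response The response being prepared.
 * @param WP_User          $user     The user the response describes.
 * @param WP_REST_Request  $request  The current request.
 * @return WP_REST_Response
 */
function example_strip_rest_user_fields( $response, $user, $request ) {
	// Accounts that may already list users in the admin keep the full
	// response, so user management screens continue to work.
	if ( current_user_can( 'list_users' ) ) {
		return $response;
	}

	$data = $response->get_data();

	foreach ( EXAMPLE_HIDDEN_USER_FIELDS as $field ) {
		unset( $data[ $field ] );
	}

	// The display name falls back to the login name when no other name
	// was set on the profile; blank it in that case only.
	if ( isset( $data['name'] ) && $data['name'] === $user->user_login ) {
		$data['name'] = '';
	}

	$response->set_data( $data );
	return $response;
}
add_filter( 'rest_prepare_user', 'example_strip_rest_user_fields', 10, 3 );
```

Saved as its own plugin file and activated, this leaves WordPress core files untouched and changes only what the REST user endpoints return; re-run the scan afterwards to confirm the finding clears.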


The topic ‘Rest Api ?’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 1 reply
 * 2 participants
 * Last reply from: [bcworkz](https://wordpress.org/support/users/bcworkz/)
 * Last activity: [6 years, 5 months ago](https://wordpress.org/support/topic/rest-api-75/#post-12199027)
 * Status: not resolved

