Support » Plugin: Custom Post Type UI » Secure CPT Rest API Endpoints

  • Resolved jeremiva

    (@jeremiva)


    As mentioned in the title I want to be able to secure the endpoints created by CPT UI is there any build in feature and if not what are the best ways to secure them?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Michael Beckwith

    (@tw2113)

    The BenchPresser

    We don’t explicitly create any REST API endpoints with our plugin’s code itself. We just gather up arguments to be passed into register_post_type() and register_taxonomy() so the REST API endpoints are all handled by WordPress core. If your endpoints there are being secured properly, I suspect CPTUI-registered content types will be as well.

    There is private content that nobody has to read except the one logged in. I don’t want someone to be able to read the content by simmply going to a browser and type /wp-json/wp/v2/mybooks

    Plugin Author Michael Beckwith

    (@tw2113)

    The BenchPresser

    Noted and understood, we still don’t have any settings in CPTUI around that topic.

    Something like https://wordpress.org/plugins/wp-cerber/ may be of good use for this topic. Otherwise, I’d end up just googling for possible custom code solutions to deny those requests. Given the 5 star review quantity on that plugin though, you’re probably in good hands.

    If anyone has same problem like me this is the plugin you need to use to solve this problem. https://wordpress.org/plugins/wp-rest-api-authentication/

    Plugin Author Michael Beckwith

    (@tw2113)

    The BenchPresser

    Word, thanks for sharing that resource as well.

    Let us know if you need anything else.

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.