• Hi everyone,
    I’m new to using this plugin and would appreciate some help.

    I read that you can get a nonce using
    http://www.mysite.it/api/get_nonce/?controller=user&method=register
    and you can register a user with
    http://www.mysite.it/api/user/register/?username=john&email=john@domain.com&nonce=67dabb8c91&display_name=John

    and this works for me, I can simply add users to my WordPress site.
    BUT WHERE IS THE SECURITY?

    EVERYONE CAN GO TO THESE LINKS, GET A NONCE AND THEORETICALLY ADD USERS TO MY SITE.

    Am I missing something?

    https://wordpress.org/plugins/json-api-user/

Viewing 1 replies (of 1 total)
  • Plugin Author Ali Qureshi

    (@parorrey)

    Hi fersamp,

    Theoretically speaking, when you allow users to register on your website or app, you want this to happen, the more the better.

    Similarly, get_posts, get_recent_posts, get_page, and other such endpoints in this API also show the same info which is publicly available on your website anyway.

    But every API must be protected, especially for such data endpoints which should not be used by others.

    For this API key security (and other features), you can upgrade to the JSON API User Plus version.

    I hope it helps.

  • The topic ‘Users Registration Security’ is closed to new replies.
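
Added example, not part of the original thread or the plugin's code: because anyone can fetch the nonce from `get_nonce`, as the question points out, one defensive check is to watch the web server access log for a single client making many `user/register` calls in a short time. The combined log format, the thresholds and all function names are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# client IP, timestamp and request target from a combined-format access log line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) ')

def classify(url):
    """Return 'nonce', 'register' or None for a request target."""
    parts = urlsplit(url)
    path, query = parts.path.rstrip("/"), parse_qs(parts.query)
    if path.endswith("/api/get_nonce"):
        wanted = {"controller": ["user"], "method": ["register"]}
        return "nonce" if all(query.get(k) == v for k, v in wanted.items()) else None
    return "register" if path.endswith("/api/user/register") else None

def flag_bulk_registration(log_text, max_per_window=3, window=timedelta(minutes=10)):
    """Map each client IP to its peak number of register calls inside one
    sliding window, keeping only clients that exceed max_per_window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and classify(m.group(3)) == "register":
            events[m.group(1)].append(
                datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for ip, times in events.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_per_window:
            flagged[ip] = peak
    return flagged

def sample_log():
    """Constructed log lines (documentation IP ranges, placeholder nonce)."""
    fmt = '{ip} - - [10/Mar/2015:10:{m:02d}:00 +0000] "GET {url} HTTP/1.1" 200 64'
    nonce = "/api/get_nonce/?controller=user&method=register"
    reg = "/api/user/register/?username=u{n}&email=u{n}@example.com&nonce=PLACEHOLDER"
    lines = []
    for n in range(5):  # one client scripting nonce -> register five times
        lines += [fmt.format(ip="203.0.113.7", m=n, url=nonce),
                  fmt.format(ip="203.0.113.7", m=n, url=reg.format(n=n))]
    lines += [fmt.format(ip="198.51.100.20", m=30, url=nonce),  # one ordinary sign-up
              fmt.format(ip="198.51.100.20", m=31, url=reg.format(n=99))]
    return "\n".join(lines)

if __name__ == "__main__":
    print(flag_bulk_registration(sample_log()))
```

Flagged addresses are candidates for rate limiting or review of the accounts they created; the right threshold depends on the site's normal sign-up volume.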