Support » Plugin: Force Login » WP Rest API

  • Resolved deltamgm2

    (@deltamgm2)


    Hello,
    Does this plugin protect the website from the new WP REST API ?
    (GET public post from wp-json for ex)
    The force auth function is added to the template_redirect, is that enought ?
    Edit: I am not using the WP REST API, but its has been partialy added by default with wp 4.4.. for now 🙁
    Many thanks,
    Best regards,
    Delta

    • This topic was modified 3 years, 1 month ago by deltamgm2.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Kevin Vess

    (@kevinvess)

    Hello, great question!

    WordPress 4.4 only included the infrastructure part as part of the core, while the endpoints are only available in the plugin.

    Checkout this post for more details about the REST API that’s included in WP 4.4:
    https://make.wordpress.org/core/2015/10/28/rest-api-welcome-the-infrastructure-to-core/

    Basically, I believe you will need the WP-API plugin installed to use the REST API to pull posts from your site. Since you’re not using the WP REST API – you should be fine*.

    *Don’t quote me on that – you should test first if this is a major concern for you.

    • This reply was modified 3 years ago by Kevin Vess. Reason: added disclaimer
    Plugin Author Kevin Vess

    (@kevinvess)

    Also, Force Login wasn’t built as a “security” plugin but simply blocks the general public from viewing your website content by requiring visitors to login first.

    And, the average visitor isn’t likely to write a custom API request to retrieve you site content.

    However, if you’re particularly concerned about the security or accessibility of your site content via the new WP API, you can try adding the following code to your theme’s functions.php to disable it for your site:

    add_filter('json_enabled', '__return_false');
    add_filter('json_jsonp_enabled', '__return_false');

    For more information about disabling the REST API in WordPress, checkout the following article:
    http://www.wpbeginner.com/wp-tutorials/how-to-disable-json-rest-api-in-wordpress/

    Plugin Author Kevin Vess

    (@kevinvess)

    It looks like the Rest API Endpoints will make their way into WordPress 4.7:
    https://core.trac.wordpress.org/ticket/38373

    deltamgm2

    (@deltamgm2)

    Hello,
    Thanks for your reply,

    I have disabled the rest API with this plugin (V1&V2):
    https://de-ch.wordpress.org/plugins/disable-json-api/

    With wordpress 4.6.1, I think I am still “safe” as I need the plugin for endpoints;

    Not sure what will happen with 4.7… W8&see..

    I have also founded this solution, but not tested for now (I prefer to w8 for 4.7 before doing something wrong…
    https://gist.github.com/danielbachhuber/8f92af4c6a8db784771c

    Regards,
    Delta

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘WP Rest API’ is closed to new replies.