• This can have unexpected behaviour. For example, we have a simple WordPress install that is consumed by some apps and websites via the API. On the site itself we were using this plugin so people would not just be able to browse the site. When you added the lockdown of the API as well, it caused the other sites to require authentication to access the API resources. Obviously this is just my opinion, but there is a clear use case for locking down a site but not necessarily the REST API. Perhaps it's time for a settings page.

Viewing 1 replies (of 1 total)
  • Plugin Author Drivingralle

    (@drivingralle)

    Hey!

    You are right that before the REST API could be used without any authentication.

    The name and the goal of this plugin is to just allow interaction with WP as a logged-in/authenticated user.
    Therefore the change was made.

    Also, the goal of this plugin is to not have settings, so it can be easily deployed and no further setup is required.

    Greetings
    derRALF

  • The topic ‘“Also lock down the REST API” is kind of a big deal’ is closed to new replies.