Rate limiting in the WP REST API
-
Apparently, Wordfence’s rate limiting functionality ignores REST API requests.
– Instantiante a new WP 4.8.2 instance of the default docker image
– Install and activate Wordfence 6.3.19
– Activate Wordfence’s rate limiting “If anyone’s requests exceed” -> 10 per minute -> block
– Default theme, no plugins other than Wordfence
– Open a new incognito window, visit the site’s home and refresh the window 11 times
– Wordfence blocks the IP as expected– Unblock the IP
– Open a new incognito window, visit [URL]/wp-json and refresh the window 11 times
– Wordfence DOES NOT BLOCK THE IP.
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
- The topic ‘Rate limiting in the WP REST API’ is closed to new replies.