REST API access warning

Hi @chamois_blanc ,

Thank you for reaching out.

As mentioned in our documentation at?Troubleshooting REST API, in a lot of cases, this can be caused by a?firewall?or?security plugin?accidentally identifying the API as a threat and blocking the endpoints. To check that, start by completing a?conflict test?to determine if a plugin might be blocking the endpoints.
?
Anyway, I can see that the URL https://wednesdaynighthop.com/wnhapi/tribe/events/v1?is accessible, so that would be a false-positive alarm with the request testing the endpoints not responding during a short period of time, but working as expected after that.

Have you tried closing out the message by clicking on the (x) button on the far-right?

Hi there,

It appears that there hasn’t been any recent activity on this thread, so we’ll consider it resolved. However, if you have any additional questions or concerns, feel free to start a new thread.

Please refer to ticket number #601090 which was submitted in the past week.

I have the same issue (as described above) with a client’s site that I host. The URL equivalent to https://wednesdaynighthop.com/wnhapi/tribe/events/v1 is also visible.

Does this mean that I should not bother spending time following your debugging procedures? You have requested that we disable the custom theme and plugins, but if this is in fact a false-positive, I’m not sure I should be spending time dealing with this any further.

You mentioned this:
Have you tried closing out the message by clicking on the (x) button on the far-right?

If I were to follow that procedure, how long will it take for that message to re-appear if at all?

FYI, this site was on a shared server prior to a bit over a week ago, and was recently moved to a private VPS. On the original server, we had problems connecting to Wordfence. Once the site was moved, Wordfence started playing nice, and your plugin reported this error.

Guidance please…

Hi @gbdg @chamois_blanc

I’m happy to inform you that we’ve recently released an update that should solve the issue you’re having. Please head over to your site and make sure to update your plugins.

As always, please test it first on your staging site before applying it to your live site.

If you encounter any issues after updating to the latest releases, please reach out and let us know.

Thanks for the update. It looks like it changes the behavior to run every couple days. I don’t quite understand why this needs to run on a regular basis at all. The plugin should be able to figure out when one of its calls is blocked, do a retry or two just in case, and then show a warning about it. It shouldn’t be running unnecessary “checks” every couple days.

• This reply was modified 5 months, 2 weeks ago by therealgilles.

Anyway, I can see that the URL?https://wednesdaynighthop.com/wnhapi/tribe/events/v1?is accessible, so that would be a false-positive alarm with the request testing the endpoints not responding during a short period of time, but working as expected after that.

If I’m getting this same response when clicking on my warning link, I’m assuming this is also a false positive?

Just updated to 6.6.1 today and pro 7.0.1 today. The warning only shows up when I’m on the pages or event sections of the back end. I did not catch it in staging because everything appears to be working fine on both production and the staging site. But it would be helpful to see the warning on the plugins page too.

https://zepedalearning.org/wp-json/tribe/events/v1

I am also having this issue with https://depmontgomeryenergyconnection.org/wp-json/tribe/events/v1.

I just looked at my client’s site and when I browse to the equivalent URL as noted above, I still see all of this code. What I am pasting is only the 1st 3 lines – there’s a huge block of code being displayed. Is this a vulnerable threat?

{“namespace”:”tribe\/events\/v1″,”routes”:{“\/tribe\/events\/v1”:{“namespace”:”tribe\/events\/v1″,”methods”:[“GET”],”endpoints”:[{“methods”:[“GET”],”args”:{“namespace”:{“default”:”tribe\/events\/v1″,”required”:false},”context”:{“default”:”view”,”required”:false}}}],”_links”:{“self”:[{“href”:”https:\/\/www.somedomain.com\/blog\/wp-json\/tribe\/events\/v1″}]}},”\/tribe\/events\/v1\/doc”:{“namespace”:”tribe\/events\/v1″,”methods”:[“GET”],”endpoints”:[{“methods”:[“GET”],”args”:[]}],”_links”:{“self”: