1

The new WordPress v4.7 integrates WordPress REST API plugin into the core of WP. This makes posts, pages, and media publicly available using HTTP calls even on private sites.

Is there a setting in WP to block or authenticate GET and POST (etc.) requests?

I'm building an Angular 1.5 REST app with WP and it would be great to authenticate these public requests.

Improve this question
1
  • The members plugin by Justin Tadlock wordpress.org/plugins/members now has an option to require authentication to the REST API. Commented Aug 1, 2017 at 14:55

2 Answers 2

Reset to default
0

Sure you can authenticate the requests. I found a link inside the documentation about authentication. It works with Cookies, OAuth and Password as well.

WordPress API Authentication

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I've come across this page but maybe I missed something? In my testing I used postman to test GET .../wp-json/wp/v2/posts and the request went through without verifying any credentials. I haven't been able to find any WP setting to disable this (at the minimum) now that this behavior is included by default.
0

The latest WordPress API now includes authentication for all requests. Adding the filter is_user_logged_in to the rest_authentication_errors filer should require authentication:

add_filter('rest_authentication_errors', function($result) {
    if (!empty($result)) {
        return $result;
    }
    if (!is_user_logged_in()) {
        return new WP_Error('rest_not_logged_in', 'You are not currently logged in.', array('status' => 401));
    }
    return $result;
});
Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.