REST API authentication does not persist between upgrades

  • Resolved dasuberadmin

    (@dasuberadmin)


    4 years, 6 months ago

    Hello world!

    I am managing some 15-ish WP installations and recently we got a notification that by going to the wp-json/wp/v2/users URL the authors could be displayed. I managed to get that fixed by following https://developer.ww.wp.xz.cn/rest-api/frequently-asked-questions/#require-authentication-for-all-requests and adding the snippet of code to the appropriate file, but after upgrading my wordpress I can see that the endpoint is once again accessible to everyone.

    Is there a way to keep the authentication requirement from disabling/removing itself between WP upgrades? Preferably something that doesn’t require a plugin to be installed for something that IMHO should be toggleable in the admin panel.

    Warm regards,

Viewing 5 replies - 1 through 5 (of 5 total)
  • Jacob Peattie

    (@jakept)

    4 years, 6 months ago

    by following https://developer.ww.wp.xz.cn/rest-api/frequently-asked-questions/#require-authentication-for-all-requests and adding the snippet of code to the appropriate file

    What are you calling the appropriate file? If you modify core WordPress files the changes will be wiped whenever WordPress is updated. You should never modify core WordPress files. Code like those examples needs to go in your own plugin or theme. Somewhere that won’t be updated by a third party.

    Thread Starter dasuberadmin

    (@dasuberadmin)

    4 years, 6 months ago

    Hi Jacob,

    I guess that explains it. I was editing wp-includes/rest-api/class-wp-rest-server.php.

    Where can I find a file that I can edit that will persist?

    Jacob Peattie

    (@jakept)

    4 years, 6 months ago

    @dasuberadmin You need to create a plugin. The simplest way to do this is to create a PHP file in wp-content/mu-plugins and add your code there. This will create a Must-Use plugin.

    Thread Starter dasuberadmin

    (@dasuberadmin)

    4 years, 6 months ago

    @jakept So how would this work? I’ve put the code in a .php file and uploaded it to the directory but when I load the site it won’t work (just shows the content of the plugin in the top bar so I think the php code is either incomplete or invalid).

    I’m not a PHP programmer so I’m not sure what I’m doing wrong or what I’m missing.

    [edit] I found that I was missing the <?php ?> tags, works now! Thanks for your help!

    • This reply was modified 4 years, 6 months ago by dasuberadmin. Reason: Found what I was doing wrong
    Jacob Peattie

    (@jakept)

    4 years, 6 months ago

    You’ve probably left out the opening <?php tag.

    If you’re not a PHP programmer, and don’t intend to become one, I _strongly_ advise against making PHP code changes to the website, and suggest sticking to existing plugins or hiring professionals. Bad code can cause serious issues on your website and it’s not always going to be as obvious as this.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘REST API authentication does not persist between upgrades’ is closed to new replies.