Title: REST API problem
Last modified: June 18, 2019

---

# REST API problem

 *  Resolved [kendawes](https://wordpress.org/support/users/kendawes/)
 * (@kendawes)
 * [6 years, 11 months ago](https://wordpress.org/support/topic/rest-api-problem-2/)
 * Hi,
    I’ve installed Ninjafirewall on a site and it seems to be working properly.
 * However, when I run WP Site Health, I get the following…
 * > The REST API request failed due to an error.
   >  Error: [] cURL error 28: Operation
   > timed out after 10000 milliseconds with 0 bytes received
 * I have disabled all plugins and changed the theme and added plugins back one 
   at a time and its Ninjafirewall that triggers the message.
 * If Ninjafirewall is enabled in the Firewall Options – the problem exists.(there
   is no problem evident in the log files)
 * If Ninjafirewall is enabled and debug is turned on – the problem exists. (no 
   problem shows in the Firewall log)
 * If Ninjafirewall is active and disabled in Firewall Options – the problem goes
   away.
 * Any idea what’s going on? This problem doesn’t seem to occur on other websites
   where I have Ninjafirewall installed.

Viewing 15 replies - 1 through 15 (of 20 total)

1 [2](https://wordpress.org/support/topic/rest-api-problem-2/page/2/?output_format=md)
[→](https://wordpress.org/support/topic/rest-api-problem-2/page/2/?output_format=md)

 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [6 years, 11 months ago](https://wordpress.org/support/topic/rest-api-problem-2/#post-11650090)
 * Hi,
 * This is a known issue with Site Health: it does not handle well PHP sessions.
   If you have a plugin or theme that, like NinjaFirewall, uses PHP sessions, the
   test will always fail. But that does not mean the REST API is not working, just
   the Site Health test fails.
    You can see this discussion: [https://wordpress.org/support/topic/wp-5-2-ninjafirewall-blocks-api-rest-wp-json-calls/#post-11520829](https://wordpress.org/support/topic/wp-5-2-ninjafirewall-blocks-api-rest-wp-json-calls/#post-11520829)
 * Maybe you have the same problem on your site: the blog and REST API URI don’t
   match? You can try to download the utils.php mentioned in the discussion and 
   see if it helps.
 *  Thread Starter [kendawes](https://wordpress.org/support/users/kendawes/)
 * (@kendawes)
 * [6 years, 11 months ago](https://wordpress.org/support/topic/rest-api-problem-2/#post-11650701)
 * Hi!
 * The utils.php file cures the problem!
 * Thank you!
 *  [Alex@portalZINE](https://wordpress.org/support/users/portalzine/)
 * (@portalzine)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/rest-api-problem-2/#post-11758515)
 * Hi,
    Same problem on the latest version (4.0.1). Reverting back to 3.9.1 fixed
   the problem for me for now.
 * Thanks
    Alex
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/rest-api-problem-2/#post-11759967)
 * Does the blog and REST API have the same URL ([see this discussion](https://wordpress.org/support/topic/wp-5-2-ninjafirewall-blocks-api-rest-wp-json-calls/#post-11520829))?
 *  [Alex@portalZINE](https://wordpress.org/support/users/portalzine/)
 * (@portalzine)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/rest-api-problem-2/#post-11760017)
 * Yes urls are identical.
 * Alex
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/rest-api-problem-2/#post-11766520)
 * There must be a difference somewhere. Maybe the protocol? One use HTTPS and the
   other HTTP?
    The firewall takes [the protocol + ‘://’ + the hostname] from both
   the get_site_url() function and the REST API call and simply compare them.
 *  [Alex@portalZINE](https://wordpress.org/support/users/portalzine/)
 * (@portalzine)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/rest-api-problem-2/#post-11767789)
 * No protocol is identical, pure HTTPS through and through.
 * 3.9.1 works fine, just 4.x behaving like that.
 * Fails when trying to access it directly or using a local wp_remote_post to mp/
   v1/transactions (memberpress endpoint) for example.
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/rest-api-problem-2/#post-11770601)
 * That seems to be a different issue that the one mentioned by the OP, because 
   you cannot access the API directly.
    * When you access the API, is there an error
   message? * Right after trying to access it, can you check in the firewall log
   if there’s anything related to this issue? * Did you enable any policy from the“
   Firewall Policies > Basic Policies” such as “Protect against username enumeration”
   and “WordPress REST API”?
 *  [Alex@portalZINE](https://wordpress.org/support/users/portalzine/)
 * (@portalzine)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/rest-api-problem-2/#post-11770615)
 * 1. Same exact error as above
 * `The REST API request failed due to an error.
    Error: [] cURL error 28: Operation
   timed out after 10000 milliseconds with 0 bytes received
 * 2. Nothing in the log.
    3. None of the REST API policies are enabled, if so it
   would fail under 3.9.1 as well.
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/rest-api-problem-2/#post-11771499)
 * The error message is the same, but it must be a different issue. I believe it
   is related to PHP sessions too, though.
    Can you scan your memberpress plugin
   and see if it is using PHP sessions? Search for `session_start` for instance.
   If you find it, can you paste on pastebin.com that line of code, as well as the
   10 lines of preceding and following it?
 *  [Alex@portalZINE](https://wordpress.org/support/users/portalzine/)
 * (@portalzine)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/rest-api-problem-2/#post-11774695)
 * No sessions are being started within memberpress or my own code. There is a function
   present within my own code, that allows to start a session, but is not being 
   used.
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/rest-api-problem-2/#post-11778847)
 * Can you try to access the API directly from another device or browser?
    Or better,
   from command line so that we can test without cookies, for instance:
 *     ```
       $ curl -I http://your-blog/path/to/rest/api/
       ```
   
 *  [Alex@portalZINE](https://wordpress.org/support/users/portalzine/)
 * (@portalzine)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/rest-api-problem-2/#post-11779267)
 * Used pure curl to testdrive, switching from 3.9.1 to 4.0.1 and back.
 * The REST API is using Basic Auth, using application passwords ([https://github.com/georgestephanis/application-passwords](https://github.com/georgestephanis/application-passwords)).
 * Using 3.9.1 resolves and works perfectly.
    Using 4.0.1 the request times out 
   as before.
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/rest-api-problem-2/#post-11781238)
 * There must be a conflict with that plugin. I’ll check that as soon as I have 
   the time to test this plugin.
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/rest-api-problem-2/#post-11786796)
 * Using x-debug, I was able to locate the issue on this line:
    [https://plugins.trac.wordpress.org/browser/ninjafirewall/tags/4.0.1/lib/utils.php#L962](https://plugins.trac.wordpress.org/browser/ninjafirewall/tags/4.0.1/lib/utils.php#L962)
 *     ```
       current_user_can('edit_users')
       ```
   
 * This throws an error.
    I’ll have to find out why the call to `current_user_can`
   is a problem.

Viewing 15 replies - 1 through 15 (of 20 total)

1 [2](https://wordpress.org/support/topic/rest-api-problem-2/page/2/?output_format=md)
[→](https://wordpress.org/support/topic/rest-api-problem-2/page/2/?output_format=md)

The topic ‘REST API problem’ is closed to new replies.

 * ![](https://ps.w.org/ninjafirewall/assets/icon-256x256.png?rev=976137)
 * [NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall](https://wordpress.org/plugins/ninjafirewall/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/ninjafirewall/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/ninjafirewall/)
 * [Active Topics](https://wordpress.org/support/plugin/ninjafirewall/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/ninjafirewall/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/ninjafirewall/reviews/)

 * 20 replies
 * 3 participants
 * Last reply from: [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * Last activity: [6 years, 8 months ago](https://wordpress.org/support/topic/rest-api-problem-2/page/2/#post-11960493)
 * Status: resolved