I just copied the function used in this plugin and adapted it to accept request to those endpoint i.e
function disable_wp_rest_api($access) {
if (!is_user_logged_in() && $_SERVER['REQUEST_URI'] !== "/wp-json/jwt-auth/v1/token" && $_SERVER['REQUEST_URI'] !== "/wp-json/jwt-auth/v1/token/validate") {
$message = apply_filters('disable_wp_rest_api_error', __('REST API restricted to authenticated users.', 'disable-wp-rest-api'));
return new WP_Error('rest_login_required', $message, array('status' => rest_authorization_required_code()));
}
return $access;
}
add_filter('rest_authentication_errors', 'disable_wp_rest_api');
I realised it won’t as you’d need to whitelist the urls for that plugin i.e
/wp-json/jwt-auth/v1/token
/wp-json/jwt-auth/v1/token/validate
when would mean you having to add a whitelist option. Anyway your plugin is nice and simple so I’ve just adapted it for my needs.
