The #WordPress REST API is an open book. See the problem for yourself.
Try this on any site: add /wp-json/ to the end of the domain and see the long list of information publically available for hackersโjust ready to scrape data, spam requests, and poke for vulnerabilities. ๐ฑ
Each #WordPress REST API namespace provides it's own index. Leaving it open for hackers to have a directory to use to their advantage. Public access should be denied by default. ๐จ
Get API Security and we will send them down a black hole instead.
apisecurity.pro
So what are you waiting for. Get API Security to secure your REST API today.
apisecurity.pro
API Security protects you from all of that automatically, silently, while improving traffic control from outsiders and allowing the core of WordPressยฎ, your applications and your trusted tools to use it normally.
Giving you peace of mindโwithout slowing your site down. ๐
To make things worse, and sorry to be of bad news. The REST API is accesible on unsecure HTTP connections. ๐
Wait theres more. Now imagine getting DDOS because you can't lockdown access to the REST API to prevent abuse from excessive calls. Now your suffering from performance degradation on the host running your site. Your current security plugin doesn't help. ๐
Not scary enough for you. Now view the users endpoint /wp-json/wp/v2/users
See all those user ID's and usernames exposed including administrators. ๐คฎ
The #WordPress REST API is an open book. See the problem for yourself.
Try this on any site: add /wp-json/ to the end of the domain and see the long list of information publically available for hackersโjust ready to scrape data, spam requests, and poke for vulnerabilities. ๐ฑ
If anyone uses the REST API in applications and would like to try it out and write a blog post on it so it gets more attention. Please DM to discuss.
Please visit apisecurity.pro to learn more and repost for others.
With API Security, we provide that solution without hacking at the REST API. We cover everything those articles suggest and more without compromising how the core REST API functions and no configuration required. You can test out our security via a demo.
app.instawp.io/launch?t=api...
I see so many articles about how to secure the #WordPress REST API and explain what you should do. They mostly copy each other providing the same code snippets to disable for unauthorized and remove endpoints if not logged in. None of them actually provide a real solution.
Hey everyone!
I just launched API Securityโa zero-config #WordPress plugin that instantly locks down your REST API, blocks unknown outsiders, limits abusive requests, and protects your data.
Details on LTD offer: apisecurity.pro/hello-everyo...
Request demo: app.instawp.io/launch?t=api...
New #WordPress security plugin coming soon that addresses areas that have not been touched by other plugins out there.
If you like to show some appreciation for the work I have done with just the core of my #WordPress plugin CoCart, you can now #sponsor it's development. Rewards are also available. Thank you in advance. ๐ซถ
github.com/co-cart/co-c...
Hello world!
