Opened 4 years ago
Last modified 4 years ago
#52384 new feature request
WordPress API - Add Limit / Block API Access Features
Reported by: | Darko A7 | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | REST API | Keywords: | |
Focuses: | | Cc: | |
Description
Hi,
The WordPress API is a powerful tool, but many users don't actually need or want it. While we can disable it using 3rd party plugins, I believe that basic features to limit access to the API via specific/custom tokens, custom users, logged-in (authenticated) users, IP address(es) or CIDR ranges and so on -- should be provided in core. Yes, yes, I know we can achieve it via plugins, but they are not always the best way to do it, and sometimes they have bugs, do not pass other internal plugins that actually use the API (e.g. CF7), which may create problems, and so on.
What do you think?
Thanks
I agree.
Core could allow for configuration to whitelist variable elements in the API endpoints:
Individually, or combined.
Something like this really should be in core. Like managing ports on a server. Only open what is needed (under controlled conditions), and keep the rest closed. Just allowing it all open with WP-json is bad for security, privacy and resources.
It would be a nice way to allow for safe communication between self-managed servers, or business to business data exchange.
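
The restriction requested in this ticket (logged-in users or specific IP/CIDR ranges only) can be approximated today with the existing `rest_authentication_errors` filter. The following is an added example, not code from the ticket or from WordPress core; the `mysite_` names and the allowlist values are hypothetical, and it assumes IPv4 on 64-bit PHP.

```php
<?php
// Added example for a must-use plugin; not WordPress core code.
// Constructed allowlist (documentation ranges); replace with your own.
const MYSITE_REST_ALLOWED_CIDRS = array( '192.0.2.0/24', '198.51.100.7/32' );

/**
 * Hypothetical helper: true if an IPv4 address falls inside a CIDR range.
 */
function mysite_ipv4_in_cidr( $ip, $cidr ) {
	$parts = explode( '/', $cidr, 2 );
	if ( isset( $parts[1] ) && ! ctype_digit( $parts[1] ) ) {
		return false; // Reject a non-numeric prefix instead of treating it as /0.
	}
	$bits     = isset( $parts[1] ) ? (int) $parts[1] : 32;
	$ip_long  = ip2long( $ip );
	$net_long = ip2long( $parts[0] );
	if ( false === $ip_long || false === $net_long || $bits > 32 ) {
		return false; // Malformed or non-IPv4 input never matches.
	}
	$mask = ( 0 === $bits ) ? 0 : ( ~0 << ( 32 - $bits ) ) & 0xFFFFFFFF;
	return ( $ip_long & $mask ) === ( $net_long & $mask );
}

add_filter( 'rest_authentication_errors', function ( $result ) {
	// Respect a decision already made by an earlier authentication handler.
	if ( true === $result || is_wp_error( $result ) ) {
		return $result;
	}
	// Authenticated users keep normal, capability-checked access.
	if ( is_user_logged_in() ) {
		return $result;
	}
	// REMOTE_ADDR is the direct peer; behind a reverse proxy it is the
	// proxy's address, so allowlist accordingly.
	$remote = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
	foreach ( MYSITE_REST_ALLOWED_CIDRS as $cidr ) {
		if ( mysite_ipv4_in_cidr( $remote, $cidr ) ) {
			return $result;
		}
	}
	// Everyone else is refused before any route callback runs.
	return new WP_Error(
		'rest_forbidden',
		__( 'REST API access is restricted.' ),
		array( 'status' => rest_authorization_required_code() )
	);
} );
```

A blanket rule like this also blocks anonymous front-end requests from plugins that submit through the REST API, which is the compatibility problem the ticket description mentions.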