Require authentication when accessing the /wp-json/wp/v2/users REST API endpoint.
| Author: | Sal Ferrarello (profile at wordpress.org) |
| WordPress version required: | 6.5 |
| WordPress version tested: | 6.9.1 |
| Plugin version: | 1.0.0 |
| Added to WordPress repository: | 30-07-2024 |
| Last updated: | 13-01-2026 |
| Rating, %: | 0 |
| Rated by: | 0 |
| Plugin URI: | https://github.com/salcode/require-auth-users... |
| Total downloads: | 1 057 |
| Active installs: | 30+ |
 Click to start download |
|
This plugin modifies the /wp-json/wp/v2/users endpoint to require authentication.
By default on a WordPress site you can list the users that have posted content on the site by visiting this endpoint.
This plugin requires the user to be authenticated to view the list of users.
What this means
If you go directly to the URL /wp-json/wp/v2/users you will get a 401 Unauthorized response.
But if you open a block editor page and run the following from the browser console,
await wp.apiFetch({path: 'wp/v2/users'});
you will get a list of users (because the wp.apiFetch() function authenticates the user’s call to the WordPress REST API).
Author
Sal Ferrarello / salferrarello.com