REST API | WordPress.org

Resolved Marius Schulte
(@mariusiscoding)

5 years, 3 months ago

For XMLRPC interface there is already an option to disable the 2FA:

It would be great if you add the same feature for the REST API.

If you run a API POST request e.g. create a new user I need admin privileges.
But then I can restrict the IP to specific hosts.
For attackers getting JWT or Basic Auth credentials I can use 2FA to discourage them from login in to the WordPress website.

I think this would be a great integration!

Thanks!

Viewing 1 replies (of 1 total)

Plugin Author David Anderson / Team Updraft
(@davidanderson)

5 years, 3 months ago

As far as I knew, there are no methods that you can access over REST with just a username/password: to enable that, you’d have to enable one of the extra plugins that adds that (https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/). It doesn’t make sense for me to add the ability to disable something that the user took action to manually enable?

Viewing 1 replies (of 1 total)

The topic ‘REST API’ is closed to new replies.

1 reply
2 participants
Last reply from: David Anderson / Team Updraft
Last activity: 5 years, 3 months ago
Status: resolved