Changeset 2801543
- Timestamp:
- 10/20/2022 12:53:54 AM (22 months ago)
- Location:
- rest-api-guard
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
rest-api-guard/tags/1.0.0/readme.txt
r2801542 r2801543 18 18 ## Usage 19 19 20 The WordPress REST API is generally very public and can share a good deal of 21 information with the internet anonymously. This plugin aims to make it easier to 22 restrict access to the REST API for your WordPress site. 20 The WordPress REST API is generally very public and can share a good deal of information with the internet anonymously. This plugin aims to make it easier to restrict access to the REST API for your WordPress site. 21 22 Out of the box the plugin can: 23 24 - Disable anonymous access to the REST API. 25 - Restrict and control anonymous access to the REST API by namespace, path, etc. 23 26 24 27 ### Settings Page 25 28 26 The plugin can be configured via the Settings page (`Settings -> REST API 27 Guard`) or via the relevant filter. 29 The plugin can be configured via the Settings page (`Settings -> REST API Guard`) or via the relevant filter. 28 30 29 31 ![Screenshot of plugin settings screen](https://user-images.githubusercontent.com/346399/194411352-aa05e939-3fd1-4e37-a3d5-276c1c5c288f.png) … … 31 33 ### Preventing Access to User Information (`wp/v2/users`) 32 34 33 By default, the plugin will restrict anonymous access to the users endpoint. 34 This can be prevented in the plugin's settings or via code: 35 By default, the plugin will restrict anonymous access to the users endpoint. This can be prevented in the plugin's settings or via code: 35 36 36 37 add_filter( 'rest_api_guard_allow_user_access', fn () => true ); … … 38 39 ### Preventing Access to Index (`/`) or Namespace Endpoints (`wp/v2`) 39 40 40 To prevent anonymous users from brow ing your site and discovering what plugins/post types are setup, the plugin restricts access to the index (`/`) and namespace (`wp/v2`) endpoints. This can be prevented in the plugin's settings or via code:41 To prevent anonymous users from browing your site and discovering what plugins/post types are setup, the plugin restricts access to the index (`/`) and namespace (`wp/v2`) endpoints. This can be prevented in the plugin's settings or via code: 41 42 42 43 // Allow index access. … … 54 55 ### Limit Anonymous Access to Specific Namespaces/Routes (Allowlist) 55 56 56 Anonymous users can be granted access only to specific namespaces/routes. 57 Requests outside of these paths will be denied. This can be configured in the 58 plugin's settings or via code: 57 Anonymous users can be granted access only to specific namespaces/routes. Requests outside of these paths will be denied. This can be configured in the plugin's settings or via code: 59 58 60 59 add_filter( … … 73 72 ### Restrict Anonymous Access to Specific Namespaces/Routes (Denylist) 74 73 75 Anonymous users can be restricted from specific namespaces/routes. This acts as 76 a denylist for specific paths that an anonymous user cannot access. The paths 77 support regular expressions for matching. The use of the 78 [Allowlist](#limit-anonymous-access-to-specific-namespacesroutes-allowlist) 79 takes priority over this denylist. This can be configured in the plugin's 80 settings or via code: 74 Anonymous users can be restricted from specific namespaces/routes. This acts as a denylist for specific paths that an anonymous user cannot access. The paths support regular expressions for matching. The use of the [Allowlist](#limit-anonymous-access-to-specific-namespacesroutes-allowlist) takes priority over this denylist. This can be configured in the plugin's settings or via code: 81 75 82 76 add_filter( -
rest-api-guard/trunk/readme.txt
r2801542 r2801543 18 18 ## Usage 19 19 20 The WordPress REST API is generally very public and can share a good deal of 21 information with the internet anonymously. This plugin aims to make it easier to 22 restrict access to the REST API for your WordPress site. 20 The WordPress REST API is generally very public and can share a good deal of information with the internet anonymously. This plugin aims to make it easier to restrict access to the REST API for your WordPress site. 21 22 Out of the box the plugin can: 23 24 - Disable anonymous access to the REST API. 25 - Restrict and control anonymous access to the REST API by namespace, path, etc. 23 26 24 27 ### Settings Page 25 28 26 The plugin can be configured via the Settings page (`Settings -> REST API 27 Guard`) or via the relevant filter. 29 The plugin can be configured via the Settings page (`Settings -> REST API Guard`) or via the relevant filter. 28 30 29 31 ![Screenshot of plugin settings screen](https://user-images.githubusercontent.com/346399/194411352-aa05e939-3fd1-4e37-a3d5-276c1c5c288f.png) … … 31 33 ### Preventing Access to User Information (`wp/v2/users`) 32 34 33 By default, the plugin will restrict anonymous access to the users endpoint. 34 This can be prevented in the plugin's settings or via code: 35 By default, the plugin will restrict anonymous access to the users endpoint. This can be prevented in the plugin's settings or via code: 35 36 36 37 add_filter( 'rest_api_guard_allow_user_access', fn () => true ); … … 38 39 ### Preventing Access to Index (`/`) or Namespace Endpoints (`wp/v2`) 39 40 40 To prevent anonymous users from brow ing your site and discovering what plugins/post types are setup, the plugin restricts access to the index (`/`) and namespace (`wp/v2`) endpoints. This can be prevented in the plugin's settings or via code:41 To prevent anonymous users from browing your site and discovering what plugins/post types are setup, the plugin restricts access to the index (`/`) and namespace (`wp/v2`) endpoints. This can be prevented in the plugin's settings or via code: 41 42 42 43 // Allow index access. … … 54 55 ### Limit Anonymous Access to Specific Namespaces/Routes (Allowlist) 55 56 56 Anonymous users can be granted access only to specific namespaces/routes. 57 Requests outside of these paths will be denied. This can be configured in the 58 plugin's settings or via code: 57 Anonymous users can be granted access only to specific namespaces/routes. Requests outside of these paths will be denied. This can be configured in the plugin's settings or via code: 59 58 60 59 add_filter( … … 73 72 ### Restrict Anonymous Access to Specific Namespaces/Routes (Denylist) 74 73 75 Anonymous users can be restricted from specific namespaces/routes. This acts as 76 a denylist for specific paths that an anonymous user cannot access. The paths 77 support regular expressions for matching. The use of the 78 [Allowlist](#limit-anonymous-access-to-specific-namespacesroutes-allowlist) 79 takes priority over this denylist. This can be configured in the plugin's 80 settings or via code: 74 Anonymous users can be restricted from specific namespaces/routes. This acts as a denylist for specific paths that an anonymous user cannot access. The paths support regular expressions for matching. The use of the [Allowlist](#limit-anonymous-access-to-specific-namespacesroutes-allowlist) takes priority over this denylist. This can be configured in the plugin's settings or via code: 81 75 82 76 add_filter(
Note: See TracChangeset
for help on using the changeset viewer.