As it is, the existing REST API does not secure itself with a key to prevent unauthorized access, much like how it happened back in WP version 4.7.1.
We need to increase the security around it as a whole.
Read-only archive : Issues · ClassicPress/ClassicPress · GitHub
Author : stefanos82
Vote count : 29
Status : open
Tags :
Comments
1 Like
viktor
August 31, 2021, 10:35pm
4
To try to keep up with WP security improvements, is this something we should consider backporting?
A related, but different discussion:
viktor
January 14, 2023, 5:33am
6
With v2 re-fork, we will keep WP’s application passwords. This petition will be closed, but if application passwords are not enough please open an issue on GitHub.