Securing WP-API version 2 for GET requests

I was working through WP-API and all is great. One issue I had with WP-API is that the endpoints ( such as /wp-json/wp/v2/posts , /wp-json/wp/v2/pages etc ) are also accessible even using GET requests.

Although authentication is required for POST requests ( you can choose to use Basic Auth, Oauth1 or Oauth2 via https://wp-oauth.com/ ), some of us may want it to be slightly more secure. For example requiring access tokens even for GET requests.

Hence I quickly coded a simple wordpress plugin called Secure WP-API

What this wordpress plugin does is that it checks for access_token in the url, and only allows the request to continue if the token is valid.

Have a look at the plugin at https://github.com/EugeneLiang/wp-api-secure

PS: this plugin requires https://wp-oauth.com/ in order for it to work.

wordpressEugeneComment