Securing WP-API version 2 for GET requests

I was working through WP-API and all is great. One issue I had with WP-API is that the endpoints ( such as /wp-json/wp/v2/posts , /wp-json/wp/v2/pages etc ) are also accessible even using GET requests.

Although authentication is required for POST requests ( you can choose to use Basic Auth, Oauth1 or Oauth2 via ), some of us may want it to be slightly more secure. For example requiring access tokens even for GET requests.

Hence I quickly coded a simple wordpress plugin called Secure WP-API

What this wordpress plugin does is that it checks for access_token in the url, and only allows the request to continue if the token is valid.

Have a look at the plugin at

PS: this plugin requires in order for it to work.