Retour
plugin-icon

REST XML-RPC Data Checker

Par Enrico Sorcinelli·
api
JSON
rest
REST XML-RPC Data Checker allow to check JSON REST and XML-RPC API requests and grant access permissions.
Évaluations
5
Mis à jour récemment
August 4, 2022
Version
1.4.0
Installations actives
1K

JSON REST API and XML-RPC API are powerful ways to remotely interact with WordPress.

If you don’t have external applications that need to communicate with your WordPress instance using JSON REST API or XML-RPC API you should disable access to them for external requests.

In the standard WordPress installation JSON REST API and XML-RPC API are enabled by default. In particular the REST API is turned on also for unlogged users. This means that your WordPress instance is potentially leaking data, for example anyone could be able to:

  • copy easily your published contents natively with the REST API (and not with a web crawler);
  • get the list of all users (with their ID, nickname and name);
  • retrieve other information that you didn’t want to be public (such as an unlisted published page or a saved media not yet used).

Even if you could do the stuff by writing your own code using native filters, this plugin aims to help you to control JSON REST API and XML-RPC API accesses from the administration panel or programmatically by a simple API filter.

Basic Features

  • Disable REST API interface for unlogged users.
  • Disable JSONP support on REST API.
  • Add Basic Authentication to REST API.
  • Remove REST <link> tags, REST Link HTTP header and REST Really Simple Discovery (RSD) informations.
  • Setup trusted users, IP/Networks and endpoints for unlogged users REST requests.
  • Change REST endpoint prefix.
  • Disable XML-RPC API interface.
  • Remove <link> to the Really Simple Discovery (RDS) informations.
  • Remove X-Pingback HTTP header.
  • Setup trusted users, IP/Networks and methods for XML-RPC requests.
  • Show user’s access informations in users list administration screen.

Usage

Once the plugin is installed you can control settings in the following ways:

  • Using the Settings->REST XML-RPC Data Checker administration screen.
  • Programmatically, by using rest_xmlrpc_data_checker_settings filter (see below).

API

Hooks

rest_xmlrpc_data_checker_settings

Filters plugin settings values.

apply_filters( 'rest_xmlrpc_data_checker_settings', array $settings )

rest_xmlrpc_data_checker_admin_settings

Filter allowing to display or not the plugin settings page in the administration.

apply_filters( 'rest_xmlrpc_data_checker_admin_settings', boolean $display )

rest_xmlrpc_data_checker_rest_error

Filter JSON REST authentication error after plugin checks.

apply_filters( 'rest_xmlrpc_data_checker_rest_error', WP_Error|boolean $result )

xmlrpc_before_insert_post

Filter XML-RPC post data to be inserted via XML-RPC before to insert post into database.

apply_filters( 'xmlrpc_before_insert_post', array|IXR_Error $content_struct, WP_User $user )

Extensions connexes

Voir tout
Gratuitsur le plan Creator
Commencer
En procédant à l’installation, vous acceptez les Conditions d’utilisation de WordPress.com ainsi que les Conditions de l’extension tierce.
Installations actives
1K
Testé jusqu’à version
6.0.9
Cette extension est disponible en téléchargement pour être utilisée sur votre installation WordPress auto-hébergée.
Télécharger