內容簡介
這是最全面的 WordPress REST API 存取控制外掛!
輕鬆安裝,安裝後不需要額外設定即可使用。只需上傳並啟用,整個 REST API 將無法被一般訪客存取。
但如果您需要授權部分端點,您也可以這麼做。前往設定頁面,您可以快速在 REST API 中白名單個別端點(或整個端點分支)。
您甚至可以按使用者角色設定規則,讓您的未驗證使用者擁有一組設定、WooCommerce 客戶有另一組設定,而訂閱者、編輯與管理員都有自己的設定。注意:預設情況下,除非您選擇管理這些設定否則所有定義的使用者角色都會完全存取 REST API。
對於大多數 WordPress 版本,如果一個使用者沒有權限存取一個端點,此外掛都會回傳驗證錯誤。對於舊版支援,WordPress 4.4、4.5 和 4.6 使用提供的 rest_enabled 篩選器禁用整個 REST API。
外掛標籤
開發者團隊
原文外掛簡介
The most comprehensive plugin for controlling access to the WordPress REST API!
Works as a “set it and forget it” install. Just upload and activate, and the entire REST API will be inaccessible to your general site visitors.
But if you do need to grant access to some endpoints, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints (or entire branches of endpoints) in the REST API.
You can even do this on a per-user-role basis, so your unauthenticated users have one set of rules while WooCommerce customers have another while Subscribers and Editors and Admins all have their own. NOTE: Out of the box, all defined user roles will still be granted full access to the REST API until you choose to manage those settings.
For most versions of WordPress, this plugin will return an authentication error if a user is not allowed to access an endpoint. For legacy support, WordPress 4.4, 4.5, and 4.6 use the provided rest_enabled filter to disable the entire REST API.
