
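Overview
WordPress REST API endpoints are unsecured by default, and attackers can use them to control your site remotely. You do not want attackers to gain access through WordPress login, WordPress registration, or any other endpoint. Our WordPress REST API authentication plugin secures the API by preventing unauthorized users from accessing WP REST API endpoints, and protects those endpoints from public access using API key authentication, JWT authentication, Basic authentication, OAuth 2.0 authentication, or token authentication from third-party OAuth 2.0/OIDC/Firebase providers. The plugin ensures that API connections stay secure so that data is not compromised. JWT authentication is an industry-recognized cryptographic method for securely connecting two parties, and we let you use it on your WordPress site as well.
In addition, the plugin lets you access the WordPress REST API with the authentication methods above not only from desktop applications but also from Android/iOS apps.
The plugin ensures that only successfully authenticated users can access your site's resources, which supports our goal of a secure API. REST API authentication makes your WordPress login endpoint more secure against unauthorized access. With this plugin you can easily protect your APIs in a highly secure way.
The plugin also provides authentication for custom-developed REST endpoints and third-party plugin REST API endpoints such as WooCommerce, LearnDash, BuddyPress, Gravity Forms, CoCart, and others.
You can create custom routes / REST endpoints in WordPress with another GUI-based plugin, Custom API for WordPress.
You can log in to the REST API securely using the following endpoint: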
https://<your-wordpress-base-url>/wp-json/api/v1/token
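Use cases
The WordPress REST API makes CRUD (create, read, update, and delete) operations possible from anywhere, not only from the admin dashboard. It provides a lightweight way for client and server to communicate, making it the best possible solution for data exchange.
It can be used to build native apps for iOS/Android and similar platforms. Any language that can make HTTP requests and interpret JSON can be used, such as Node.js, Express.js, Ruby, or Python.
WordPress login and WordPress registration become more secure with REST API authentication.
Block unauthorized public access to your WordPress site and protect API endpoints such as /pages and /posts to keep your site safe from attackers.
Only users authorized through one of the plugin's authentication methods can access the secured APIs.
The login API is protected against unauthorized access.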
② Search for "JWT Authentication for WP REST APIs" in the admin dashboard → install directly (recommended)
Original plugin description
WordPress REST API endpoints are open and unsecured by default which can be used to access your site data. Secure WordPress APIs from unauthorized users with our JWT Authentication for WP REST APIs plugin.
Our plugin offers the following authentication methods to protect WP REST API endpoints:
– JWT Authentication
– Basic Authentication
– API Key Authentication
– OAuth 2.0 Authentication
– External token-based authentication: OAuth 2.0/OIDC/JWT/Firebase provider token authentication methods.
You can authenticate default WordPress endpoints, custom-developed REST endpoints, and third-party plugin REST API endpoints such as those of WooCommerce, LearnDash, BuddyPress, Gravity Forms, CoCart, etc.
WP REST API Authentication Methods in our plugin
JWT Authentication
Provides an endpoint where you can pass the user credentials, and it will generate a JWT (JSON Web Token), which you can use to access the WordPress REST APIs accordingly.
Additionally, to maintain a seamless user experience without the frequent logins that token expiry would otherwise require, you can use our Refresh and Revoke token mechanisms.
When the access token expires, instead of forcing the user to log in again, the client can request a new access token using a valid refresh token.
API Key Authentication
Basic Authentication:
– 1. Username: Password
– 2. Client-ID: Client-Secret
OAuth 2.0 Authentication
– 1. Password Grant
– 2. Client Credentials Grant
Third Party Provider Authentication
Following are some of the integrations that are possible with WP REST API Authentication:
Learndash API Authentication
Custom Built REST API Endpoints Authentication
BuddyPress API Authentication
WooCommerce API Authentication
Gravity Form API Authentication
External/Third-party plugin API endpoints integration in WordPress
You can also disable the WP REST APIs with our plugin so that no one can make API calls to your WordPress REST API endpoints. Our plugin also provides Refresh and Revoke Token features that can be used to improve API security.
Benefits of Refresh Token
Enhances security by keeping access tokens short-lived.
Improves user experience with uninterrupted sessions.
Reduces login frequency.
Benefits of Revoke Token
Protects against token misuse if a device is lost or compromised.
Enables admin-triggered logouts or session control.
Useful for complying with stricter session policies.
With this plugin, the user is allowed to access your site’s resources only after successful WP REST API authentication. JWT Authentication for WP REST APIs plugin will make your WordPress endpoints secure from unauthorized access.
Plugin Feature List
FREE PLAN
Authenticate only default core WordPress REST API endpoints.
Basic Authentication with username and password.
JWT Authentication (JSON Web Token Authentication).
Enable Selective API protection.
Restrict non-logged-in users from accessing REST API endpoints.
Disable WP REST APIs
PREMIUM PLAN
Authenticate all REST API endpoints (Default WP, Custom APIs, Third-Party plugins)
JWT Token Authentication (JSON Web Token Authentication)
Login, Refresh and Revoke token endpoints for token management
API Key Authentication
Basic Authentication (username/password and email/password)
OAuth 2.0 Authentication
Universal API key and User-specific API key for authentication
Selective API protection.
Disable WP REST APIs
Time-based token expiry
Role-based WP REST API authentication
Custom header support, rather than only the Authorization header, to increase security.
Create users in WordPress based on third-party provider access tokens (JWT tokens) authentication.
Privacy
This plugin does not store any user data.
