[wp-trac] [WordPress Trac] #39806: Disable REST API by default, making it opt-in rather than always-on
WordPress Trac
noreply at wordpress.org
Sun Feb 12 23:42:41 UTC 2017
#39806: Disable REST API by default, making it opt-in rather than always-on
-------------------------+------------------------------
Reporter: mor10 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: trunk
Severity: normal | Resolution:
Keywords: close | Focuses:
-------------------------+------------------------------
Comment (by spidoche):
I think it must be disabled by default too (at least on the front).
My client's site has been hacked via the REST API only 4 days after the 4.7
vulnerability was revealed.
It seems nowadays hackers do not leave us time to update our WordPress
TT.
Also, the example of @pcarvalho surprises me: how is it possible to get the
user data without authentication?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39806#comment:17>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform