[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$feifXhrRjLW_b9dLYEHO5dERV929bhBzEMGgkbD1h6cQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":142,"fingerprints":169},"require-auth-users-rest-endpoint","Require Auth Users REST Endpoint","1.0.0","Sal Ferrarello","https:\u002F\u002Fprofiles.wordpress.org\u002Fsalcode\u002F","\u003Cp>This plugin modifies the \u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u003C\u002Fcode> endpoint to require authentication.\u003C\u002Fp>\n\u003Cp>By default on a WordPress site you can list the users that have posted content on the site by visiting this endpoint.\u003C\u002Fp>\n\u003Cp>This plugin requires the user to be authenticated to view the list of users.\u003C\u002Fp>\n\u003Ch3>What this means\u003C\u002Fh3>\n\u003Cp>If you go directly to the URL \u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u003C\u002Fcode> you will get a \u003Ccode>401 Unauthorized\u003C\u002Fcode> response.\u003C\u002Fp>\n\u003Cp>But if you open a block editor page and run the following from the browser console,\u003C\u002Fp>\n\u003Cpre>\u003Ccode>await wp.apiFetch({path: 'wp\u002Fv2\u002Fusers'});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>you will get a list of users (because the \u003Ccode>wp.apiFetch()\u003C\u002Fcode> function authenticates the user’s call to the WordPress REST API).\u003C\u002Fp>\n\u003Ch3>Author\u003C\u002Fh3>\n\u003Cp>Sal Ferrarello \u002F \u003Ca href=\"https:\u002F\u002Fsalferrarello.com\" rel=\"nofollow ugc\">salferrarello.com\u003C\u002Fa>\u003C\u002Fp>\n","Require authentication when accessing the \u002Fwp-json\u002Fwp\u002Fv2\u002Fusers REST API endpoint.",30,1035,0,"2026-01-13T02:22:00.000Z","6.9.4","6.5","7.2",[19,20,21,22,23],"api","authentication","endpoint","rest","users","https:\u002F\u002Fgithub.com\u002Fsalcode\u002Frequire-auth-users-rest-endpoint","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frequire-auth-users-rest-endpoint.1.0.0.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":11,"trust_score":34,"computed_at":35},"salcode",4,5130,94,"2026-04-04T18:39:01.535Z",[37,60,83,102,123],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":15,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":58,"download_link":59,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"jwt-authentication-for-wp-rest-api","JWT Authentication for WP REST API","1.5.0","tmeister","https:\u002F\u002Fprofiles.wordpress.org\u002Ftmeister\u002F","\u003Cp>This plugin seamlessly extends the WP REST API, enabling robust and secure authentication using JSON Web Tokens (JWT). It provides a straightforward way to authenticate users via the REST API, returning a standard JWT upon successful login.\u003C\u002Fp>\n\u003Ch3>Key features of this free version include:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Standard JWT Authentication:\u003C\u002Fstrong> Implements the industry-standard \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519\" rel=\"nofollow ugc\">RFC 7519\u003C\u002Fa> for secure claims representation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple Endpoints:\u003C\u002Fstrong> Offers clear \u003Ccode>\u002Ftoken\u003C\u002Fcode> and \u003Ccode>\u002Ftoken\u002Fvalidate\u003C\u002Fcode> endpoints for generating and validating tokens.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Secret Key:\u003C\u002Fstrong> Define your unique secret key via \u003Ccode>wp-config.php\u003C\u002Fcode> for secure token signing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional CORS Support:\u003C\u002Fstrong> Easily enable Cross-Origin Resource Sharing support via a \u003Ccode>wp-config.php\u003C\u002Fcode> constant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Hooks:\u003C\u002Fstrong> Provides filters (\u003Ccode>jwt_auth_expire\u003C\u002Fcode>, \u003Ccode>jwt_auth_token_before_sign\u003C\u002Fcode>, etc.) for customizing token behavior.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>JSON Web Tokens are an open, industry standard method for representing claims securely between two parties.\u003C\u002Fp>\n\u003Cp>For users requiring more advanced capabilities such as multiple signing algorithms (RS256, ES256), token refresh\u002Frevocation, UI-based configuration, or priority support, consider checking out \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_link_soft\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support and Requests:\u003C\u002Fstrong> Please use \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\" rel=\"nofollow ugc\">GitHub Issues\u003C\u002Fa>. For priority support, consider upgrading to \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_support_link\" rel=\"nofollow ugc\">PRO\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>REQUIREMENTS\u003C\u002Fh3>\n\u003Ch4>WP REST API V2\u003C\u002Fh4>\n\u003Cp>This plugin was conceived to extend the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API V2\u003C\u002Fa> plugin features and, of course, was built on top of it.\u003C\u002Fp>\n\u003Cp>So, to use the \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> you need to install and activate \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>PHP\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Minimum PHP version: 7.4.0\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>PHP HTTP Authorization Header Enable\u003C\u002Fh3>\n\u003Cp>Most shared hosting providers have disabled the \u003Cstrong>HTTP Authorization Header\u003C\u002Fstrong> by default.\u003C\u002Fp>\n\u003Cp>To enable this option you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>RewriteEngine on\nRewriteCond %{HTTP:Authorization} ^(.*)\nRewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WPENGINE\u003C\u002Fh4>\n\u003Cp>For WPEngine hosting, you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\u002F1 for more details.\u003C\u002Fp>\n\u003Ch3>CONFIGURATION\u003C\u002Fh3>\n\u003Ch3>Configure the Secret Key\u003C\u002Fh3>\n\u003Cp>The JWT needs a \u003Cstrong>secret key\u003C\u002Fstrong> to sign the token. This \u003Cstrong>secret key\u003C\u002Fstrong> must be unique and never revealed.\u003C\u002Fp>\n\u003Cp>To add the \u003Cstrong>secret key\u003C\u002Fstrong>, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_SECRET_KEY\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_SECRET_KEY', 'your-top-secret-key');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can generate a secure key from: https:\u002F\u002Fapi.wordpress.org\u002Fsecret-key\u002F1.1\u002Fsalt\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Looking for easier configuration?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=config_secret_key_link\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to manage all settings through a simple admin UI.\u003C\u002Fp>\n\u003Ch3>Configure CORS Support\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin has the option to activate \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FCross-origin_resource_sharing\" rel=\"nofollow ugc\">CORS\u003C\u002Fa> support.\u003C\u002Fp>\n\u003Cp>To enable CORS Support, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_CORS_ENABLE\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_CORS_ENABLE', true);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Finally, activate the plugin within your wp-admin.\u003C\u002Fp>\n\u003Ch3>Namespace and Endpoints\u003C\u002Fh3>\n\u003Cp>When the plugin is activated, a new namespace is added:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002Fjwt-auth\u002Fv1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Also, two new endpoints are added to this namespace:\u003C\u002Fp>\n\u003Cp>Endpoint | HTTP Verb\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fem> | POST\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fem> | POST\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Need more functionality?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=endpoints_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> includes additional endpoints for token refresh and revocation.\u003C\u002Fp>\n\u003Ch3>USAGE\u003C\u002Fh3>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fh4>\n\u003Cp>This is the entry point for JWT Authentication.\u003C\u002Fp>\n\u003Cp>It validates the user credentials, \u003Cem>username\u003C\u002Fem> and \u003Cem>password\u003C\u002Fem>, and returns a token to use in future requests to the API if the authentication is correct, or an error if authentication fails.\u003C\u002Fp>\n\u003Cp>Sample Request Using AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>(function() {\n  var app = angular.module('jwtAuth', []);\n\n  app.controller('MainController', function($scope, $http) {\n    var apiHost = 'http:\u002F\u002Fyourdomain.com\u002Fwp-json';\n\n    $http.post(apiHost + '\u002Fjwt-auth\u002Fv1\u002Ftoken', {\n      username: 'admin',\n      password: 'password'\n    })\n    .then(function(response) {\n      console.log(response.data)\n    })\n    .catch(function(error) {\n      console.error('Error', error.data[0]);\n    });\n  });\n})();\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Success Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9qd3QuZGV2IiwiaWF0IjoxNDM4NTcxMDUwLCJuYmYiOjE0Mzg1NzEwNTAsImV4cCI6MTQzOTE3NTg1MCwiZGF0YSI6eyJ1c2VyIjp7ImlkIjoiMSJ9fX0.YNe6AyWW4B7ZwfFE5wJ0O6qQ8QFcYizimDmBy6hCH_8\",\n  \"user_display_name\": \"admin\",\n  \"user_email\": \"admin@localhost.dev\",\n  \"user_nicename\": \"admin\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Error Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_failed\",\n  \"data\": {\n    \"status\": 403\n  },\n  \"message\": \"Invalid Credentials.\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Once you get the token, you must store it somewhere in your application, e.g., in a \u003Cstrong>cookie\u003C\u002Fstrong> or using \u003Cstrong>localStorage\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>From this point, you should pass this token with every API call.\u003C\u002Fp>\n\u003Cp>Sample Call Using The Authorization Header With AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>app.config(function($httpProvider) {\n  $httpProvider.interceptors.push(['$q', '$location', '$cookies', function($q, $location, $cookies) {\n    return {\n      'request': function(config) {\n        config.headers = config.headers || {};\n        \u002F\u002F Assume that you store the token in a cookie\n        var globals = $cookies.getObject('globals') || {};\n        \u002F\u002F If the cookie has the CurrentUser and the token\n        \u002F\u002F add the Authorization header in each request\n        if (globals.currentUser && globals.currentUser.token) {\n          config.headers.Authorization = 'Bearer ' + globals.currentUser.token;\n        }\n        return config;\n      }\n    };\n  }]);\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin will intercept every call to the server and will look for the Authorization Header. If the Authorization header is present, it will try to decode the token and will set the user according to the data stored in it.\u003C\u002Fp>\n\u003Cp>If the token is valid, the API call flow will continue as normal.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sample Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>POST \u002Fresource HTTP\u002F1.1\nHost: server.example.com\nAuthorization: Bearer mF_s9.B5f-4.1JqM\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>ERRORS\u003C\u002Fh3>\n\u003Cp>If the token is invalid, an error will be returned. Here are some sample errors:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Invalid Credentials\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_failed\",\n    \"message\": \"Invalid Credentials.\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Invalid Signature\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Signature verification failed\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Expired Token\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Expired token\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Need advanced error tracking?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=errors_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> offers enhanced error tracking and monitoring capabilities.\u003C\u002Fp>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fh4>\n\u003Cp>This is a simple helper endpoint to validate a token. You only need to make a POST request with the Authorization header.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Valid Token Response\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_valid_token\",\n  \"data\": {\n    \"status\": 200\n  }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>AVAILABLE HOOKS\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin is developer-friendly and provides five filters to override the default settings.\u003C\u002Fp>\n\u003Ch4>jwt_auth_cors_allow_headers\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_cors_allow_headers\u003C\u002Fstrong> filter allows you to modify the available headers when CORS support is enabled.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'Access-Control-Allow-Headers, Content-Type, Authorization'\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_not_before\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_not_before\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.5\" rel=\"nofollow ugc\">\u003Cstrong>nbf\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Creation time - time()\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_expire\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_expire\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.4\" rel=\"nofollow ugc\">\u003Cstrong>exp\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>time() + (DAY_IN_SECONDS * 7)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_token_before_sign\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_sign\u003C\u002Fstrong> filter allows you to modify all token data before it is encoded and signed.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = array(\n    'iss' => get_bloginfo('url'),\n    'iat' => $issuedAt,\n    'nbf' => $notBefore,\n    'exp' => $expire,\n    'data' => array(\n        'user' => array(\n            'id' => $user->data->ID,\n        )\n    )\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Want easier customization?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=hook_payload_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to add custom claims directly through the admin UI.\u003C\u002Fp>\n\u003Ch4>jwt_auth_token_before_dispatch\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_dispatch\u003C\u002Fstrong> filter allows you to modify the response array before it is sent to the client.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$data = array(\n    'token' => $token,\n    'user_email' => $user->data->user_email,\n    'user_nicename' => $user->data->user_nicename,\n    'user_display_name' => $user->data->display_name,\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_algorithm\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_algorithm\u003C\u002Fstrong> filter allows you to modify the signing algorithm.\u003C\u002Fp>\n\u003Cp>Default value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = JWT::encode(\n    apply_filters('jwt_auth_token_before_sign', $token, $user),\n    $secret_key,\n    apply_filters('jwt_auth_algorithm', 'HS256')\n);\n\n\u002F\u002F ...\n\n$token = JWT::decode(\n    $token,\n    new Key($secret_key, apply_filters('jwt_auth_algorithm', 'HS256'))\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>JWT Authentication PRO\u003C\u002Fh3>\n\u003Cp>Elevate your WordPress security and integration capabilities with \u003Cstrong>JWT Authentication PRO\u003C\u002Fstrong>. Building upon the solid foundation of the free version, the PRO version offers advanced features, enhanced security options, and a streamlined user experience:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy Configuration UI:\u003C\u002Fstrong> Manage all settings directly from the WordPress admin area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Endpoint:\u003C\u002Fstrong> Allow users to refresh expired tokens seamlessly without requiring re-login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation Endpoint:\u003C\u002Fstrong> Immediately invalidate specific tokens for enhanced security control.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Token Payload:\u003C\u002Fstrong> Add custom claims to your JWT payload to suit your specific application needs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular CORS Control:\u003C\u002Fstrong> Define allowed origins and headers with more precision directly in the settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Protect your endpoints from abuse with configurable rate limits.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Audit Logs:\u003C\u002Fstrong> Keep track of token generation, validation, and errors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Support:\u003C\u002Fstrong> Get faster, dedicated support directly from the developer.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=pro_section_cta\" rel=\"nofollow ugc\">Upgrade to JWT Authentication PRO Today!\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Free vs. PRO Comparison\u003C\u002Fh3>\n\u003Cp>Here’s a quick look at the key differences:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Basic JWT Authentication:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Generation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Validation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Mechanism:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Management Dashboard:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics & Monitoring:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geo-IP Identification:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Documentation:\u003C\u002Fstrong> Basic (Free), Comprehensive (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Tools:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support:\u003C\u002Fstrong> Community via GitHub (Free), Priority Direct Support (PRO)\u003C\u002Fli>\n\u003C\u002Ful>\n","Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.",60000,893830,88,53,"2026-02-18T00:58:00.000Z","4.2","7.4.0",[53,54,55,56,57],"json-web-authentication","jwt","oauth","rest-api","wp-api","https:\u002F\u002Fenriquechavez.co","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjwt-authentication-for-wp-rest-api.1.5.0.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":47,"num_ratings":70,"last_updated":71,"tested_up_to":15,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":78,"download_link":79,"security_score":80,"vuln_count":81,"unpatched_count":13,"last_vuln_date":82,"fetched_at":28},"wp-rest-api-authentication","JWT Authentication for WP REST APIs","4.3.0","miniOrange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberlord92\u002F","\u003Cp>\u003Cstrong>WordPress REST API endpoints\u003C\u002Fstrong> are \u003Cstrong>open and unsecured by default\u003C\u002Fstrong> which can be used to access your site data. Secure WordPress APIs from unauthorized users with our \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-rest-api-authentication\" rel=\"nofollow ugc\">JWT Authentication for WP REST APIs plugin\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Our plugin offers below authentication methods to \u003Cstrong>Protect WP REST API endpoints\u003C\u002Fstrong>:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-rest-api-jwt-authentication-method\" rel=\"nofollow ugc\">JWT Authentication\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-rest-api-basic-authentication-method\" rel=\"nofollow ugc\">Basic Authentication\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Frest-api-key-authentication-method\" rel=\"nofollow ugc\">API Key Authentication\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-rest-api-oauth-2-0-authentication-method\" rel=\"nofollow ugc\">OAuth 2.0 Authentication\u003C\u002Fa>\u003Cbr \u002F>\n– External Token based Authentication 2.0\u002FOIDC\u002FJWT\u002F\u003Ca href=\"https:\u002F\u002Ffirebase.google.com\u002Fdocs\u002Fauth\u002Fadmin\u002Fcreate-custom-tokens\" rel=\"nofollow ugc\">Firebase\u003C\u002Fa> provider’s token authentication methods.\u003C\u002Fp>\n\u003Cp>You can authenticate default WordPress endpoints and custom-developed REST endpoints and third-party plugin REST API endpoints like that of \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">Woocommerce\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.learndash.com\u002F\" rel=\"nofollow ugc\">Learndash\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddypress\u002F\" rel=\"ugc\">Buddypress\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.gravityforms.com\u002F\" rel=\"nofollow ugc\">Gravity Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcart-rest-api-for-woocommerce\u002F\" rel=\"ugc\">CoCart\u003C\u002Fa>, etc.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FIsyKI7eEV-I?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&start=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>WP REST API Authentication Methods in our plugin\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-rest-api-jwt-authentication-method#step_a1\" rel=\"nofollow ugc\">JWT Authentication\u003C\u002Fa>\u003Cbr \u002F>\nProvides an endpoint where you can pass the user credentials, and it will generate a JWT (JSON Web Token), which you can use to access the WordPress REST APIs accordingly.\u003Cbr \u002F>\nAdditionally, to maintain a seamless user experience without frequent logins needed due to token expiry, you can use our \u003Cem>Refresh and Revoke token\u003C\u002Fem> mechanisms feature.\u003Cbr \u002F>\nWhen the access token expires, instead of forcing the user to log in again, the client can request a new access token using a valid refresh token.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Frest-api-key-authentication-method#step_a\" rel=\"nofollow ugc\">API Key Authentication\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-rest-api-basic-authentication-method\" rel=\"nofollow ugc\">Basic Authentication\u003C\u002Fa>:\u003Cbr \u002F>\n        – 1. \u003Cstrong>Username: Password\u003C\u002Fstrong>\u003Cbr \u002F>\n        – 2. \u003Cstrong>Client-ID: Client-Secret\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-rest-api-oauth-2-0-authentication-method#step_a\" rel=\"nofollow ugc\">OAuth 2.0 Authentication\u003C\u002Fa>\u003Cbr \u002F>\n        – 1. \u003Cstrong>Password Grant\u003C\u002Fstrong>\u003Cbr \u002F>\n            – 2. \u003Cstrong>Client Credentials Grant\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-rest-api-authentication-using-third-party-provider#step_a\" rel=\"nofollow ugc\">Third Party Provider Authentication\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Following are some of the integrations that are possible with WP REST API Authentication:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Learndash API Authentication\u003C\u002Fli>\n\u003Cli>Custom Built REST API Endpoints Authentication\u003C\u002Fli>\n\u003Cli>BuddyPress API Authentication\u003C\u002Fli>\n\u003Cli>WooCommerce API Authentication\u003C\u002Fli>\n\u003Cli>Gravity Form API Authentication\u003C\u002Fli>\n\u003Cli>External\u002FThird-party plugin API endpoints integration in WordPress\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can also disable the WP REST APIs with our plugin such that no one can make API calls to your WordPress REST API endpoints.Our plugin also provides \u003Cstrong>Refresh and Revoke Token\u003C\u002Fstrong> that can be used to improve the API security.\u003C\u002Fp>\n\u003Ch3>Benefits of Refresh Token\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Enhances security by keeping access tokens short-lived.\u003C\u002Fli>\n\u003Cli>Improves user experience with uninterrupted sessions.\u003C\u002Fli>\n\u003Cli>Reduces login frequency.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Benefits of Revoke Token\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Protects against token misuse if a device is lost or compromised.\u003C\u002Fli>\n\u003Cli>Enables admin-triggered logouts or session control.\u003C\u002Fli>\n\u003Cli>Useful for complying with stricter session policies.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With this plugin, the user is allowed to access your site’s resources only after successful WP REST API authentication. JWT Authentication for WP REST APIs plugin will make your \u003Cstrong>WordPress endpoints secure from unauthorized access.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Plugin Feature List\u003C\u002Fh3>\n\u003Ch3>FREE PLAN\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Authenticate only default core WordPress REST API endpoints.\u003C\u002Fli>\n\u003Cli>Basic Authentication with username and password.\u003C\u002Fli>\n\u003Cli>JWT Authentication (JSON Web Token Authentication).\u003C\u002Fli>\n\u003Cli>Enable Selective API protection.\u003C\u002Fli>\n\u003Cli>Restrict non-logged-in users to access REST API endpoints.\u003C\u002Fli>\n\u003Cli>Disable WP REST APIs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>PREMIUM PLAN\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Authenticate all REST API endpoints (Default WP, Custom APIs,Third-Party plugins)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>JWT Token Authentication\u003C\u002Fstrong> (JSON Web Token Authentication)\u003C\u002Fli>\n\u003Cli>Login, Refresh and Revoke token endpoints for token management\u003C\u002Fli>\n\u003Cli>API Key Authentication\u003C\u002Fli>\n\u003Cli>Basic Authentication (username\u002Fpassword and email\u002Fpassword)\u003C\u002Fli>\n\u003Cli>OAuth 2.0 Authentication\u003C\u002Fli>\n\u003Cli>Universal API key and User-specific API key for authentication\u003C\u002Fli>\n\u003Cli>Selective API protection.\u003C\u002Fli>\n\u003Cli>Disable WP REST APIs\u003C\u002Fli>\n\u003Cli>Time-based token expiry\u003C\u002Fli>\n\u003Cli>Role-based WP REST API authentication\u003C\u002Fli>\n\u003Cli>Custom Header support rather than just \u003Cem>Authorization\u003C\u002Fem> to increase security.\u003C\u002Fli>\n\u003Cli>Create users in WordPress based on third-party provider access tokens (JWT tokens) authentication.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin does not store any user data.\u003C\u002Fp>\n","Secure and protect WordPress REST API from unauthorized access using JWT token, Basic Authentication, API Key, OAuth 2, or external token.",20000,490496,73,"2026-02-09T05:11:00.000Z","3.0.1","5.6",[75,76,22,56,77],"api-key","jwt-authentication","secure-api","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-rest-api-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-authentication.4.3.0.zip",97,2,"2025-04-16 00:00:00",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":26,"num_ratings":93,"last_updated":94,"tested_up_to":15,"requires_at_least":73,"requires_php":17,"tags":95,"homepage":98,"download_link":99,"security_score":100,"vuln_count":81,"unpatched_count":13,"last_vuln_date":101,"fetched_at":28},"wpgetapi","WPGet API – Connect to any external REST API","2.25.4","David Anderson \u002F Team Updraft","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidanderson\u002F","\u003Cp>Connect WordPress to external APIs, without code.\u003C\u002Fp>\n\u003Cp>Easily send data to any API and get data from unlimited 3rd party REST APIs. Format and display the returned data on your WordPress website using a shortcode or a template tag.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FX50qINEs1yo?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>WPGet API supports virtually all authentication methods including API keys, bearer tokens, basic auth, username\u002Fpassword and \u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdownloads\u002Foauth-2-0-authentication\u002F?utm_campaign=OAuth&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">OAuth 2.0 authorization\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Live Examples\u003C\u002Fh3>\n\u003Cp>View our live examples of connecting to several different APIs and displaying the data in various unique ways including charts, graphs, tables and weather forecasts.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdemo-connecting-wordpress-to-external-api\u002F?utm_campaign=Demo&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">LIVE EXAMPLES – Connecting WordPress to external APIs\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Major Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Connect your WordPress website to any REST API\u003C\u002Fli>\n\u003Cli>Unlimited APIs & endpoints\u003C\u002Fli>\n\u003Cli>No coding required\u003C\u002Fli>\n\u003Cli>Display API data using a template tag or shortcode\u003C\u002Fli>\n\u003Cli>GET, POST, PUT, PATCH & DELETE methods\u003C\u002Fli>\n\u003Cli>Add query string, header & body parameters\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>We have tons of articles and help available.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fquick-start-guide\u002F?utm_campaign=Docs&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Quick Start Guide\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fstep-by-step-example\u002F?utm_campaign=Docs&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Step by Step Example\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Ffrequently-asked-questions\u002F?utm_campaign=Docs&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Frequently Asked Questions\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fwill-this-work-with-my-api\u002F?utm_campaign=OAuth&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Will this work with my API?\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Extending WPGet API\u003C\u002Fh3>\n\u003Ch4>PRO Plugin\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdownloads\u002Fpro-plugin\u002F?utm_campaign=Pro&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">PRO Plugin\u003C\u002Fa>\u003C\u002Fstrong> provides many extra features that allow you to do some more advanced things with your APIs. Features of the PRO Plugin include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Actions – automate your API when an action happens on your site\u003C\u002Fli>\n\u003Cli>Tokens – grab dynamic data without code and send to your API\u003C\u002Fli>\n\u003Cli>Dynamic variables – a PHP solution for grabbing dynamic values\u003C\u002Fli>\n\u003Cli>Chain API calls\u003C\u002Fli>\n\u003Cli>Cache API calls\u003C\u002Fli>\n\u003Cli>Format API data into HTML\u003C\u002Fli>\n\u003Cli>Retrieve nested data\u003C\u002Fli>\n\u003Cli>Base64 encoded auth\u003C\u002Fli>\n\u003Cli>XML format\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>API to Posts Plugin\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdownloads\u002Fapi-to-posts\u002F?utm_campaign=APItoPosts&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">API to Posts Plugin\u003C\u002Fa>\u003C\u002Fstrong> allows you to import API data and create WooCommerce products or custom posts from this API data. Features of the API to Posts Plugin include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Import API data\u003C\u002Fli>\n\u003Cli>Import from unlimited endpoints\u003C\u002Fli>\n\u003Cli>Map API data to WordPress fields\u003C\u002Fli>\n\u003Cli>Supports custom fields, ACF, tags, categories, custom taxonomies, images and more\u003C\u002Fli>\n\u003Cli>Supports all standard WooCommerce fields\u003C\u002Fli>\n\u003Cli>Create WooCommerce products from API data\u003C\u002Fli>\n\u003Cli>Sync API to WooCommerce products & posts\u003C\u002Fli>\n\u003Cli>Set interval of sync from every minutes up to once a week\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>OAuth 2.0 Authorization\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdownloads\u002Foauth-2-0-authentication\u002F?utm_campaign=OAuth&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">OAuth 2.0 Authorization\u003C\u002Fa>\u003C\u002Fstrong> plugin allows authorization of your API through the OAuth 2.0 method.\u003C\u002Fp>\n\u003Ch3>WPGet API Integrations\u003C\u002Fh3>\n\u003Cp>WPGet API integrates extremely well with other WordPress plugins, allowing you to do some very cool things with your API. Click the links below for more info on these integrations.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fconnect-woocommerce-to-api\u002F?utm_campaign=Integrations&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">WooCommerce to API\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fwoocommerce-api-product-sync\u002F?utm_campaign=Integrations&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">WooCommerce API Product Sync\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fsend-contact-form-7-data-to-api\u002F?utm_campaign=Integrations&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Contact Form 7 send data to API\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fsend-wpforms-data-to-api\u002F?utm_campaign=Integrations&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">WPForms send data to API\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fsend-gravity-forms-data-to-api\u002F?utm_campaign=Integrations&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Gravity Forms send data to API\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fusing-with-wpdatatables\u002F?utm_campaign=Integrations&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Charts & Tables from API data using wpDataTables\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translating WPGet API\u003C\u002Fh3>\n\u003Cp>You can translate WPGet API into your own language on \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fwpgetapi\u002F\" rel=\"nofollow ugc\">translate.wordpress.org\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Here is an article to help \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fpolyglots\u002Fhandbook\u002Ftranslating\u002Ffirst-steps\u002F\" rel=\"nofollow ugc\">get started with translations\u003C\u002Fa>\u003C\u002Fp>\n","Connect any REST API to WordPress. WPGet API enables easy API integration, allowing you to display API data without any code.",10000,245936,32,"2025-11-12T16:22:00.000Z",[19,21,96,97,22],"external-api","json","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpgetapi\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpgetapi.2.25.4.zip",99,"2025-03-06 20:56:52",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":112,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":117,"tags":118,"homepage":117,"download_link":121,"security_score":122,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-rest-api-controller","WP REST API Controller","2.1.2","Evan Herman","https:\u002F\u002Fprofiles.wordpress.org\u002Feherman24\u002F","\u003Cp>WP REST API Controller allows admins to toggle the visibility of, and customize the endpoints for, all core and \u003Cem>custom\u003C\u002Fem> post types and taxonomies within WordPress with an easy-to-use graphical interface. Additionally, you can tweak visibility and customize the meta data attached to the API response.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> This plugin requires WordPress Version 4.7 or later to work.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable\u002FDisable REST API endpoints for post types and taxonomies.\u003C\u002Fli>\n\u003Cli>Enable\u002FDisable post type\u002Ftaxonomy meta data (add or remove meta fields from API requests).\u003C\u002Fli>\n\u003Cli>Rename post type\u002Ftaxonomy base endpoints.\u003C\u002Fli>\n\u003Cli>Rename post type\u002Ftaxonomy meta data names in API requests so they are more user friendly.\u003C\u002Fli>\n\u003Cli>Manipulate and control post types\u002Ftaxonomies and their data created by third party plugins and themes.\u003C\u002Fli>\n\u003Cli>Granular control of API responses without writing a single line of PHP code.\u003C\u002Fli>\n\u003Cli>Filters included to alter and extend default functionality.\u003C\u002Fli>\n\u003Cli>Localized and ready for translations.\u003C\u002Fli>\n\u003C\u002Ful>\n","Enable a UI to toggle visibility and customize properties in WP REST API requests.",9000,184537,86,12,"2023-03-22T07:24:00.000Z","6.2.9","4.7","",[19,119,21,120,22],"controller","meta","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-controller.2.1.2.zip",85,{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":26,"num_ratings":81,"last_updated":133,"tested_up_to":134,"requires_at_least":135,"requires_php":73,"tags":136,"homepage":139,"download_link":140,"security_score":141,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"smntcs-disable-rest-api-user-endpoints","SMNTCS Disable REST API User Endpoints","2.4","Niels Lange","https:\u002F\u002Fprofiles.wordpress.org\u002Fnielslange\u002F","\u003Cp>With WordPress 4.7 the REST API is part of the core. At the moment everyone has read access to the REST API. As a result of that a potential intruder can retrieve a list of all user slugs via \u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u003C\u002Fcode>. This plugin disables the REST API user endpoints to obscure the user slugs.\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>Contributions are more than welcome. Simply head over to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnielslange\u002Fsmntcs-disable-rest-api-user-endpoints\u002F\" rel=\"nofollow ugc\">Github\u003C\u002Fa> and open an issue or a pull request.\u003C\u002Fp>\n","Disable the REST API user endpoints due to obscure user slugs.",6000,29155,"2024-12-31T06:23:00.000Z","6.7.5","5.5",[137,56,138],"endpoints","security","https:\u002F\u002Fgithub.com\u002Fnielslange\u002Fsmntcs-disable-rest-api-user-endpoints","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmntcs-disable-rest-api-user-endpoints.2.4.zip",92,{"attackSurface":143,"codeSignals":156,"taintFlows":164,"riskAssessment":165,"analyzedAt":168},{"hooks":144,"ajaxHandlers":152,"restRoutes":153,"shortcodes":154,"cronEvents":155,"entryPointCount":13,"unprotectedCount":13},[145],{"type":146,"name":147,"callback":148,"priority":149,"file":150,"line":151},"filter","rest_pre_dispatch","anonymous",99999,"require-auth-users-rest-endpoint.php",63,[],[],[],[],{"dangerousFunctions":157,"sqlUsage":158,"outputEscaping":160,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":162,"bundledLibraries":163},[],{"prepared":13,"raw":13,"locations":159},[],{"escaped":13,"rawEcho":13,"locations":161},[],1,[],[],{"summary":166,"deductions":167},"The 'require-auth-users-rest-endpoint' plugin, version 1.0.0, exhibits a very strong security posture based on the provided static analysis.  The absence of any identified dangerous functions, SQL injection vulnerabilities, unescaped output, file operations, or external HTTP requests is a significant positive.  The fact that all SQL queries utilize prepared statements and that the single capability check is present further reinforces this good practice.  The plugin also has a clean vulnerability history with no known CVEs, indicating a history of secure development or effective patching.\n\nThe analysis shows zero entry points from AJAX handlers, REST API routes, shortcodes, or cron events that are unprotected. The taint analysis also reveals no identified flows with unsanitized paths, suggesting that user input, if processed, is being handled securely.  The complete lack of any identified vulnerabilities in the history further strengthens the assessment of its current security. \n\nOverall, this plugin appears to be developed with security as a high priority.  The strengths far outweigh any potential concerns, and the absence of any identified vulnerabilities or exploitable code signals suggests a low risk of compromise.  The plugin's limited attack surface and robust coding practices contribute to its secure profile.",[],"2026-03-16T22:38:06.017Z",{"wat":170,"direct":175},{"assetPaths":171,"generatorPatterns":172,"scriptPaths":173,"versionParams":174},[],[],[],[],{"cssClasses":176,"htmlComments":177,"htmlAttributes":178,"restEndpoints":179,"jsGlobals":181,"shortcodeOutput":182},[],[],[],[180],"\u002Fwp\u002Fv2\u002Fusers",[],[]]