[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxqTwJNtUggIAcFC13ur2rf6CNO1nUnQZu2UR8LCoOr4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":142,"fingerprints":175},"wp-api-multiple-posttype","WP Rest Api V2 Multiple PostTypes","1.0.3","salilkothadia","https:\u002F\u002Fprofiles.wordpress.org\u002Fsalilkothadia\u002F","\u003Ch3>Multiple Content type Query API for WordPress Rest Api V2\u003C\u002Fh3>\n\u003Cp>Extension of wp\u002Fv2\u002Fposts api to allow query multiple post types\u003C\u002Fp>\n\u003Ch3>About\u003C\u002Fh3>\n\u003Cp>Want to get your site’s posts, pages, articles, events?\u003C\u002Fp>\n\u003Cp>Use the Endpoint: ‘\u002Fwp-json\u002Fwp\u002Fv2\u002Fmultiple-post-type’\u003C\u002Fp>\n\u003Cp>List:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>GET request to `\u002Fwp-json\u002Fwp\u002Fv2\u002Fmultiple-post-type?&type[]=post&type[]=page`\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Get the page with slug “about-me”:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>GET \u002Fwp-json\u002Fwp\u002Fv2\u002Fmultiple-post-type?slug=about-me&type[]=post&type[]=page\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Search term “awesome”:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>GET \u002Fwp-json\u002Fwp\u002Fv2\u002Fmultiple-post-type?search=awesome&type[]=post&type[]=page&type[]=articles\u003Ch3>Credits\u003C\u002Fh3>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Build using the code shared by Ruben Vreeken, (https:\u002F\u002Fgithub.com\u002FRayraz)\u003Cbr \u002F>\non stackoverflow (http:\u002F\u002Fstackoverflow.com\u002Fquestions\u002F38059805\u002Fquery-multiple-post-types-using-wp-rest-api-v2-wordpress)\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-3.0.html\" rel=\"nofollow ugc\">GPLv3\u003C\u002Fa>\u003C\u002Fp>\n","Multiple Content type Query API for Wordpress Rest Api V2",100,3316,0,"2018-07-12T14:37:00.000Z","4.9.29","4.8","5.2.4",[19,20,21,22,23],"api","json","posttypes","restapi","v2","https:\u002F\u002Fgithub.com\u002Felevati\u002Fwp-api-multiple-posttype","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-api-multiple-posttype.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,84,"2026-04-04T18:24:00.733Z",[36,63,85,107,125],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":58,"download_link":59,"security_score":60,"vuln_count":61,"unpatched_count":13,"last_vuln_date":62,"fetched_at":28},"pixelyoursite","PixelYourSite – Your smart PIXEL (TAG) & API Manager","11.2.0.3","PixelYourSite","https:\u002F\u002Fprofiles.wordpress.org\u002Fpixelyoursite\u002F","\u003Cp>\u003Cstrong>PixelYourSite Free Version: Complete Tracking Solution for the Meta Pixel, Google Analytics 4, and Google Tag Manager.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Easily integrate Meta Pixel with full Conversion API support, Google Analytics 4, and Google Tag Manager into your WordPress site. Plus, use our simple Head and Footer script option to add any custom script you need for advanced tracking and optimization. The Pinterest Tag can be implemented via this \u003Ca href=\"https:\u002F\u002Fwww.pixelyoursite.com\u002Fpinterest-tag\" rel=\"nofollow ugc\">paid add-on\u003C\u002Fa>. Similar paid add-ons for the \u003Ca href=\"https:\u002F\u002Fwww.pixelyoursite.com\u002Fplugins\u002Fpixelyoursite-professional\u002Fbing-tag-add-on\" rel=\"nofollow ugc\">Bing tag\u003C\u002Fa> and for the \u003Ca href=\"https:\u002F\u002Fwww.pixelyoursite.com\u002Fplugins\u002Fpixelyoursite-professional\u002Freddit-wordpress-plugin\" rel=\"nofollow ugc\">Reddit Pixel\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Free training:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>We have a YouTube channel called \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fchannel\u002FUCnie2zvwAjTLz9B4rqvAlFQ\" rel=\"nofollow ugc\">PixelYourSite\u003C\u002Fa> where we explain a lot of stuff about the plugin, Meta API, Google Analytics, Google Ads, TikTok and so on. Check this one to lean how to setup Meta Conversion API and a few tips to improve your EMQ score:\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FiIbk23Hy_6A?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Cstrong>PixelYourSite will help you:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Install the Meta Pixel with Conversion API support.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Install Google Analytics 4 (GA4).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Install Google Tag Manager and push events into the data layer with ZERO coding (NEW).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Configure Google Consent Mode: \u003Ca href=\"https:\u002F\u002Fwww.pixelyoursite.com\u002Fgoogle-consent-mode-v2-wordpress\" rel=\"nofollow ugc\">check this dedicated page for more details\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Configure Google Tag Manager Server-Side Tagging for our native GA4 script: \u003Ca href=\"https:\u002F\u002Fwww.pixelyoursite.com\u002Fgoogle-server-side-tagging-with-pixelyoursite\" rel=\"nofollow ugc\">more details here\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Install any other scripts with our Head & Footer option.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>PixelYourSite & WooCommerce:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>All e-commerce speciffic events are automatically  fired.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>All parameters required for dynamic ads (Meta or Google) are present.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Flexible options for product IDs (default IDs, or SKU).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The plugin can also use Facebook for WooCommerce product ID logic. You can use our advanced tracking and Facebook for WooCommerce catalogs.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Client data is used to improve Meta EMQ score for the API events.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>PixelYourSite & Easy Digital Downloads:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>All e-commerce speciffic events are automatically  fired.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>All parameters required for dynamic ads (Meta or Google) are present.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Client data is used to improve Meta EMQ score for the API events.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Track key actions with our automated events:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Searches (search keywords are tracked as parameters).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Form submissions.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>User signups.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>User login.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Downloads (file names and type are tracked as parameters).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Comments.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Page scroll.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Time on page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Track other actions with your own events:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Configure any standard or custom event for Meta, GA4, or GTM.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Head & Footer functionality. Add your own scripts:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>On all pages.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>On speciffic pages.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>On the WooCommerce order received page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For all devices, for desktop, or mobile only.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Consent & GDPR\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>The plugin integrates with some of the most popular consent solutions.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>It has consent filters allowing other consent plugins to control our scripts and cookies.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>It can fire GA4 tags with Google Consent Mode granted.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Dedicated filter that enables Meta Limited Data Use.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>It’s fully integrated with \u003Ca href=\"https:\u002F\u002Fwww.pixelyoursite.com\u002Fplugins\u002Fconsentmagic\" rel=\"nofollow ugc\">ConsentMagic\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Google Tag Manager\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>PixelYourSite is known for its easy integration of the Meta Pixel, Google Analytics, TikTok (paid), Pinterest (paid add-on), and Bing (paid add-on). What makes it special is its new Google Tag Manager integration, pushing all events into the GTM data layer with no coding required.\u003C\u002Fp>\n\u003Cp>GTM Container Import: to simplify GTM setup we offer you a GTM Container Import file that will configure triggers for all our events and variables for all our parameters. Version 1.0 of this file comes with Google Analytics 4 tags pre-configured: \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=qKJ3mmCgT3M\" rel=\"nofollow ugc\">Watch this video to learn more\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key resources:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Learn how to \u003Ca href=\"https:\u002F\u002Fwww.pixelyoursite.com\u002Fverify-domain-facebook\" rel=\"nofollow ugc\">verify your domain on Facebook\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Learn how to handle \u003Ca href=\"https:\u002F\u002Fwww.pixelyoursite.com\u002Fgoogle-consent-mode-v2-wordpress\" rel=\"nofollow ugc\">Google Consent Mode V2\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Learn how to improve \u003Ca href=\"https:\u002F\u002Fwww.pixelyoursite.com\u002Ffacebook-event-match-quality-score\" rel=\"nofollow ugc\">Meta EMQ Score\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Learn how tot track \u003Ca href=\"https:\u002F\u002Fwww.pixelyoursite.com\u002Ftrack-wordpress-forms\" rel=\"nofollow ugc\">WordPress Forms\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Learn more about \u003Ca href=\"https:\u002F\u002Fwww.pixelyoursite.com\u002Fglobal-events\" rel=\"nofollow ugc\">Automated Events\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Learn more about \u003Ca href=\"https:\u002F\u002Fwww.pixelyoursite.com\u002Fwoocommerce-first-party-reports\" rel=\"nofollow ugc\">Native WooCommerce Reports\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Learn how to \u003Ca href=\"https:\u002F\u002Fwww.pixelyoursite.com\u002Fpixelyoursite-and-chatgpt\" rel=\"nofollow ugc\">analyse PixelYourSite data with ChatGPT\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Learn how to \u003Ca href=\"https:\u002F\u002Fwww.pixelyoursite.com\u002Fgoogle-server-side-tagging-with-pixelyoursite\" rel=\"nofollow ugc\">setup GTM server side tagging with the native GA4 integration\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Even more features with our paid plugins:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>PixelYourSite development is supported by our paying customers. We’ve turned \u003Ca href=\"https:\u002F\u002Fwww.pixelyoursite.com\u002Fplugins\u002Fpixelyoursite-professional\" rel=\"nofollow ugc\">PixelYourSite Professional\u003C\u002Fa> into a powerful tracking tool. Alongside it, we offer a range of plugins, like the \u003Ca href=\"https:\u002F\u002Fwww.pixelyoursite.com\u002Fplugins\u002Fproduct-catalog-feed-for-woocommerce\" rel=\"nofollow ugc\">WooCommerce Feed Plugin\u003C\u002Fa> and our consent management solution, \u003Ca href=\"https:\u002F\u002Fwww.pixelyoursite.com\u002Fplugins\u002Fconsentmagic\" rel=\"nofollow ugc\">ConsentMagic\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The list of paid feature is long and growing:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Support for Google Ads tags.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Support for TikTok tags.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Pinterest and Bing support via paid add-ons.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>More automated events, tracking even more key actions.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>More parameters for our events, including landing page, traffic source, or UTMs tracking.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>More triggers for your own events: Clicks on links and CSS Selectors, Number of Page Views, Mouse over CSS Selectors, Embedded video views, Email link click, Page scroll, Post type, and direct integrations with various Form plugins plus Elementor forms.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>More events triggers on top of the ones available in the free version (URL filters, Device, User role): URL parameters, Landing page, Source.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Better tracking of user data for an improved EMQ score, including the ability to get user data from forms, or URLs.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Improved tracking of WooCommerce and EDD purchases.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Support for multiple tags.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The possibility to configure where to fire or hide a particular tag based on flexible conditions.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Native WooCommerce and EDD reporting.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>… and many more!\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>DON’T MISS:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Documentation\u003C\u002Fstrong>: learn how to use PixelYourSite free plugin. \u003Ca href=\"https:\u002F\u002Fwww.pixelyoursite.com\u002Fpixelyoursite-free-version\" rel=\"nofollow ugc\">Click here for the HELP articles\u003C\u002Fa>\u003C\u002Fp>\n","Add Meta Pixel with Conversion API, Google Analytics (GA4) + Consent Mode, Google Tag Manager, and Head & Footer scripts.",500000,18938821,86,261,"2026-02-23T11:17:00.000Z","6.9.4","4.4","5.4",[53,54,55,56,57],"google-analytics-4","google-consent-mode-v2","google-tag-manager","meta-conversion-api","meta-pixel","http:\u002F\u002Fwww.pixelyoursite.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpixelyoursite.11.2.0.3.zip",89,11,"2026-02-13 08:43:23",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":73,"num_ratings":74,"last_updated":75,"tested_up_to":76,"requires_at_least":77,"requires_php":78,"tags":79,"homepage":83,"download_link":84,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"disable-json-api","Disable REST API","1.8","Dave McHale","https:\u002F\u002Fprofiles.wordpress.org\u002Fdmchale\u002F","\u003Cp>The most comprehensive plugin for controlling access to the WordPress REST API!\u003C\u002Fp>\n\u003Cp>Works as a “set it and forget it” install. Just upload and activate, and the entire REST API will be inaccessible to your general site visitors.\u003C\u002Fp>\n\u003Cp>But if you do need to grant access to some endpoints, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints (or entire branches of endpoints) in the REST API.\u003C\u002Fp>\n\u003Cp>You can even do this on a per-user-role basis, so your unauthenticated users have one set of rules while WooCommerce customers have another while Subscribers and Editors and Admins all have their own. NOTE: Out of the box, all defined user roles will still be granted full access to the REST API until you choose to manage those settings.\u003C\u002Fp>\n\u003Cp>For most versions of WordPress, this plugin will return an authentication error if a user is not allowed to access an endpoint. For legacy support, WordPress 4.4, 4.5, and 4.6 use the provided \u003Ccode>rest_enabled\u003C\u002Fcode> filter to disable the entire REST API.\u003C\u002Fp>\n","Disable the use of the REST API on your website to site users. Now with User Role support!",90000,753897,96,38,"2023-09-14T00:26:00.000Z","6.3.8","4.9","5.6",[80,19,20,81,82],"admin","rest","rest-api","http:\u002F\u002Fwww.binarytemplar.com\u002Fdisable-json-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-json-api.zip",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":95,"num_ratings":96,"last_updated":97,"tested_up_to":49,"requires_at_least":98,"requires_php":99,"tags":100,"homepage":105,"download_link":106,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"jwt-authentication-for-wp-rest-api","JWT Authentication for WP REST API","1.5.0","tmeister","https:\u002F\u002Fprofiles.wordpress.org\u002Ftmeister\u002F","\u003Cp>This plugin seamlessly extends the WP REST API, enabling robust and secure authentication using JSON Web Tokens (JWT). It provides a straightforward way to authenticate users via the REST API, returning a standard JWT upon successful login.\u003C\u002Fp>\n\u003Ch3>Key features of this free version include:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Standard JWT Authentication:\u003C\u002Fstrong> Implements the industry-standard \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519\" rel=\"nofollow ugc\">RFC 7519\u003C\u002Fa> for secure claims representation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple Endpoints:\u003C\u002Fstrong> Offers clear \u003Ccode>\u002Ftoken\u003C\u002Fcode> and \u003Ccode>\u002Ftoken\u002Fvalidate\u003C\u002Fcode> endpoints for generating and validating tokens.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Secret Key:\u003C\u002Fstrong> Define your unique secret key via \u003Ccode>wp-config.php\u003C\u002Fcode> for secure token signing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional CORS Support:\u003C\u002Fstrong> Easily enable Cross-Origin Resource Sharing support via a \u003Ccode>wp-config.php\u003C\u002Fcode> constant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Hooks:\u003C\u002Fstrong> Provides filters (\u003Ccode>jwt_auth_expire\u003C\u002Fcode>, \u003Ccode>jwt_auth_token_before_sign\u003C\u002Fcode>, etc.) for customizing token behavior.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>JSON Web Tokens are an open, industry standard method for representing claims securely between two parties.\u003C\u002Fp>\n\u003Cp>For users requiring more advanced capabilities such as multiple signing algorithms (RS256, ES256), token refresh\u002Frevocation, UI-based configuration, or priority support, consider checking out \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_link_soft\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support and Requests:\u003C\u002Fstrong> Please use \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\" rel=\"nofollow ugc\">GitHub Issues\u003C\u002Fa>. For priority support, consider upgrading to \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_support_link\" rel=\"nofollow ugc\">PRO\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>REQUIREMENTS\u003C\u002Fh3>\n\u003Ch4>WP REST API V2\u003C\u002Fh4>\n\u003Cp>This plugin was conceived to extend the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API V2\u003C\u002Fa> plugin features and, of course, was built on top of it.\u003C\u002Fp>\n\u003Cp>So, to use the \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> you need to install and activate \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>PHP\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Minimum PHP version: 7.4.0\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>PHP HTTP Authorization Header Enable\u003C\u002Fh3>\n\u003Cp>Most shared hosting providers have disabled the \u003Cstrong>HTTP Authorization Header\u003C\u002Fstrong> by default.\u003C\u002Fp>\n\u003Cp>To enable this option you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>RewriteEngine on\nRewriteCond %{HTTP:Authorization} ^(.*)\nRewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WPENGINE\u003C\u002Fh4>\n\u003Cp>For WPEngine hosting, you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\u002F1 for more details.\u003C\u002Fp>\n\u003Ch3>CONFIGURATION\u003C\u002Fh3>\n\u003Ch3>Configure the Secret Key\u003C\u002Fh3>\n\u003Cp>The JWT needs a \u003Cstrong>secret key\u003C\u002Fstrong> to sign the token. This \u003Cstrong>secret key\u003C\u002Fstrong> must be unique and never revealed.\u003C\u002Fp>\n\u003Cp>To add the \u003Cstrong>secret key\u003C\u002Fstrong>, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_SECRET_KEY\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_SECRET_KEY', 'your-top-secret-key');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can generate a secure key from: https:\u002F\u002Fapi.wordpress.org\u002Fsecret-key\u002F1.1\u002Fsalt\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Looking for easier configuration?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=config_secret_key_link\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to manage all settings through a simple admin UI.\u003C\u002Fp>\n\u003Ch3>Configure CORS Support\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin has the option to activate \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FCross-origin_resource_sharing\" rel=\"nofollow ugc\">CORS\u003C\u002Fa> support.\u003C\u002Fp>\n\u003Cp>To enable CORS Support, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_CORS_ENABLE\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_CORS_ENABLE', true);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Finally, activate the plugin within your wp-admin.\u003C\u002Fp>\n\u003Ch3>Namespace and Endpoints\u003C\u002Fh3>\n\u003Cp>When the plugin is activated, a new namespace is added:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002Fjwt-auth\u002Fv1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Also, two new endpoints are added to this namespace:\u003C\u002Fp>\n\u003Cp>Endpoint | HTTP Verb\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fem> | POST\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fem> | POST\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Need more functionality?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=endpoints_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> includes additional endpoints for token refresh and revocation.\u003C\u002Fp>\n\u003Ch3>USAGE\u003C\u002Fh3>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fh4>\n\u003Cp>This is the entry point for JWT Authentication.\u003C\u002Fp>\n\u003Cp>It validates the user credentials, \u003Cem>username\u003C\u002Fem> and \u003Cem>password\u003C\u002Fem>, and returns a token to use in future requests to the API if the authentication is correct, or an error if authentication fails.\u003C\u002Fp>\n\u003Cp>Sample Request Using AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>(function() {\n  var app = angular.module('jwtAuth', []);\n\n  app.controller('MainController', function($scope, $http) {\n    var apiHost = 'http:\u002F\u002Fyourdomain.com\u002Fwp-json';\n\n    $http.post(apiHost + '\u002Fjwt-auth\u002Fv1\u002Ftoken', {\n      username: 'admin',\n      password: 'password'\n    })\n    .then(function(response) {\n      console.log(response.data)\n    })\n    .catch(function(error) {\n      console.error('Error', error.data[0]);\n    });\n  });\n})();\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Success Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9qd3QuZGV2IiwiaWF0IjoxNDM4NTcxMDUwLCJuYmYiOjE0Mzg1NzEwNTAsImV4cCI6MTQzOTE3NTg1MCwiZGF0YSI6eyJ1c2VyIjp7ImlkIjoiMSJ9fX0.YNe6AyWW4B7ZwfFE5wJ0O6qQ8QFcYizimDmBy6hCH_8\",\n  \"user_display_name\": \"admin\",\n  \"user_email\": \"admin@localhost.dev\",\n  \"user_nicename\": \"admin\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Error Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_failed\",\n  \"data\": {\n    \"status\": 403\n  },\n  \"message\": \"Invalid Credentials.\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Once you get the token, you must store it somewhere in your application, e.g., in a \u003Cstrong>cookie\u003C\u002Fstrong> or using \u003Cstrong>localStorage\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>From this point, you should pass this token with every API call.\u003C\u002Fp>\n\u003Cp>Sample Call Using The Authorization Header With AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>app.config(function($httpProvider) {\n  $httpProvider.interceptors.push(['$q', '$location', '$cookies', function($q, $location, $cookies) {\n    return {\n      'request': function(config) {\n        config.headers = config.headers || {};\n        \u002F\u002F Assume that you store the token in a cookie\n        var globals = $cookies.getObject('globals') || {};\n        \u002F\u002F If the cookie has the CurrentUser and the token\n        \u002F\u002F add the Authorization header in each request\n        if (globals.currentUser && globals.currentUser.token) {\n          config.headers.Authorization = 'Bearer ' + globals.currentUser.token;\n        }\n        return config;\n      }\n    };\n  }]);\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin will intercept every call to the server and will look for the Authorization Header. If the Authorization header is present, it will try to decode the token and will set the user according to the data stored in it.\u003C\u002Fp>\n\u003Cp>If the token is valid, the API call flow will continue as normal.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sample Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>POST \u002Fresource HTTP\u002F1.1\nHost: server.example.com\nAuthorization: Bearer mF_s9.B5f-4.1JqM\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>ERRORS\u003C\u002Fh3>\n\u003Cp>If the token is invalid, an error will be returned. Here are some sample errors:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Invalid Credentials\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_failed\",\n    \"message\": \"Invalid Credentials.\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Invalid Signature\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Signature verification failed\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Expired Token\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Expired token\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Need advanced error tracking?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=errors_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> offers enhanced error tracking and monitoring capabilities.\u003C\u002Fp>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fh4>\n\u003Cp>This is a simple helper endpoint to validate a token. You only need to make a POST request with the Authorization header.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Valid Token Response\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_valid_token\",\n  \"data\": {\n    \"status\": 200\n  }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>AVAILABLE HOOKS\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin is developer-friendly and provides five filters to override the default settings.\u003C\u002Fp>\n\u003Ch4>jwt_auth_cors_allow_headers\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_cors_allow_headers\u003C\u002Fstrong> filter allows you to modify the available headers when CORS support is enabled.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'Access-Control-Allow-Headers, Content-Type, Authorization'\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_not_before\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_not_before\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.5\" rel=\"nofollow ugc\">\u003Cstrong>nbf\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Creation time - time()\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_expire\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_expire\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.4\" rel=\"nofollow ugc\">\u003Cstrong>exp\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>time() + (DAY_IN_SECONDS * 7)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_token_before_sign\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_sign\u003C\u002Fstrong> filter allows you to modify all token data before it is encoded and signed.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = array(\n    'iss' => get_bloginfo('url'),\n    'iat' => $issuedAt,\n    'nbf' => $notBefore,\n    'exp' => $expire,\n    'data' => array(\n        'user' => array(\n            'id' => $user->data->ID,\n        )\n    )\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Want easier customization?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=hook_payload_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to add custom claims directly through the admin UI.\u003C\u002Fp>\n\u003Ch4>jwt_auth_token_before_dispatch\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_dispatch\u003C\u002Fstrong> filter allows you to modify the response array before it is sent to the client.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$data = array(\n    'token' => $token,\n    'user_email' => $user->data->user_email,\n    'user_nicename' => $user->data->user_nicename,\n    'user_display_name' => $user->data->display_name,\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_algorithm\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_algorithm\u003C\u002Fstrong> filter allows you to modify the signing algorithm.\u003C\u002Fp>\n\u003Cp>Default value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = JWT::encode(\n    apply_filters('jwt_auth_token_before_sign', $token, $user),\n    $secret_key,\n    apply_filters('jwt_auth_algorithm', 'HS256')\n);\n\n\u002F\u002F ...\n\n$token = JWT::decode(\n    $token,\n    new Key($secret_key, apply_filters('jwt_auth_algorithm', 'HS256'))\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>JWT Authentication PRO\u003C\u002Fh3>\n\u003Cp>Elevate your WordPress security and integration capabilities with \u003Cstrong>JWT Authentication PRO\u003C\u002Fstrong>. Building upon the solid foundation of the free version, the PRO version offers advanced features, enhanced security options, and a streamlined user experience:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy Configuration UI:\u003C\u002Fstrong> Manage all settings directly from the WordPress admin area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Endpoint:\u003C\u002Fstrong> Allow users to refresh expired tokens seamlessly without requiring re-login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation Endpoint:\u003C\u002Fstrong> Immediately invalidate specific tokens for enhanced security control.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Token Payload:\u003C\u002Fstrong> Add custom claims to your JWT payload to suit your specific application needs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular CORS Control:\u003C\u002Fstrong> Define allowed origins and headers with more precision directly in the settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Protect your endpoints from abuse with configurable rate limits.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Audit Logs:\u003C\u002Fstrong> Keep track of token generation, validation, and errors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Support:\u003C\u002Fstrong> Get faster, dedicated support directly from the developer.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=pro_section_cta\" rel=\"nofollow ugc\">Upgrade to JWT Authentication PRO Today!\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Free vs. PRO Comparison\u003C\u002Fh3>\n\u003Cp>Here’s a quick look at the key differences:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Basic JWT Authentication:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Generation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Validation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Mechanism:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Management Dashboard:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics & Monitoring:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geo-IP Identification:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Documentation:\u003C\u002Fstrong> Basic (Free), Comprehensive (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Tools:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support:\u003C\u002Fstrong> Community via GitHub (Free), Priority Direct Support (PRO)\u003C\u002Fli>\n\u003C\u002Ful>\n","Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.",60000,893830,88,53,"2026-02-18T00:58:00.000Z","4.2","7.4.0",[101,102,103,82,104],"json-web-authentication","jwt","oauth","wp-api","https:\u002F\u002Fenriquechavez.co","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjwt-authentication-for-wp-rest-api.1.5.0.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":73,"num_ratings":117,"last_updated":118,"tested_up_to":49,"requires_at_least":119,"requires_php":120,"tags":121,"homepage":123,"download_link":124,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"disable-wp-rest-api","Disable WP REST API","2.6.7","Jeff Starr","https:\u002F\u002Fprofiles.wordpress.org\u002Fspecialk\u002F","\u003Cp>\u003Cstrong>Does one thing:\u003C\u002Fstrong> Completely disables the WordPress REST API for visitors who are not logged into WordPress. No configuration required.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> This plugin completely disables the WP REST API for visitors who are NOT logged in to WordPress. So not recommended if your site needs the WP REST API for any non-logged users.\u003C\u002Fp>\n\u003Cp>👉 The fast, simple way to prevent abuse of your site’s REST\u002FJSON API\u003Cbr \u002F>\n👉 Protects your site’s REST data from all non-logged users and bots\u003Cbr \u002F>\n👉 Uses only 4KB of code, so super lightweight, fast, and effective\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Disable REST\u002FJSON for visitors (not logged in)\u003C\u002Fli>\n\u003Cli>Disables REST header in HTTP response for all users\u003C\u002Fli>\n\u003Cli>Disables REST links in HTML head for all users\u003C\u002Fli>\n\u003Cli>100% plug-and-play, set-it-and-forget solution\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How does it work?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin completely disables the WP REST API \u003Cem>unless\u003C\u002Fem> the user is logged into WordPress.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For logged-in users, WP REST API works normally\u003C\u002Fli>\n\u003Cli>For logged-out users, WP REST API is disabled\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>What happens if logged-out visitor makes a JSON\u002FREST request? They will get only a simple message:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>rest_login_required: REST API restricted to authenticated users.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This message may customized via the filter hook, \u003Ccode>disable_wp_rest_api_error\u003C\u002Fcode>. Check out \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fnot-entirely-for-non-techies\u002F#post-12014965\" rel=\"ugc\">this post\u003C\u002Fa> for an example of how to do it.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way. If anything it \u003Cem>improves\u003C\u002Fem> user privacy, as it protects potentially sensitive information from being displayed\u002Faccessed via REST API.\u003C\u002Fp>\n\u003Cp>Disable WP REST API is developed and maintained by \u003Ca href=\"https:\u002F\u002Fx.com\u002Fperishable\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>, 15-year \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002F\" rel=\"nofollow ugc\">WordPress developer\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002F\" rel=\"nofollow ugc\">book author\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Support development of this plugin\u003C\u002Fh3>\n\u003Cp>I develop and maintain this free plugin with love for the WordPress community. To show support, you can \u003Ca href=\"https:\u002F\u002Fmonzillamedia.com\u002Fdonate.html\" rel=\"nofollow ugc\">make a donation\u003C\u002Fa> or purchase one of my books:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002F\" rel=\"nofollow ugc\">The Tao of WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdigwp.com\u002F\" rel=\"nofollow ugc\">Digging into WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhtaccessbook.com\u002F\" rel=\"nofollow ugc\">.htaccess made easy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002Fwordpress-themes-book\u002F\" rel=\"nofollow ugc\">WordPress Themes In Depth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002Fdownloads\u002Fwizards-collection-sql-recipes-wordpress\u002F\" rel=\"nofollow ugc\">Wizard’s SQL Recipes for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And\u002For purchase one of my premium WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro\u003C\u002Fa> – Blazing fast WordPress firewall\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fblackhole-pro\u002F\" rel=\"nofollow ugc\">Blackhole Pro\u003C\u002Fa> – Automatically block bad bots\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbanhammer-pro\u002F\" rel=\"nofollow ugc\">Banhammer Pro\u003C\u002Fa> – Monitor traffic and ban the bad guys\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fga-google-analytics-pro\u002F\" rel=\"nofollow ugc\">GA Google Analytics Pro\u003C\u002Fa> – Connect WordPress to Google Analytics\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fhead-meta-pro\u002F\" rel=\"nofollow ugc\">Head Meta Pro\u003C\u002Fa> – Ultimate Meta Tags for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Simple Ajax Chat Pro\u003C\u002Fa> – Unlimited chat rooms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fusp-pro\u002F\" rel=\"nofollow ugc\">USP Pro\u003C\u002Fa> – Unlimited front-end forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links, tweets and likes also appreciated. Thank you! 🙂\u003C\u002Fp>\n","Disables the WP REST API for visitors not logged into WordPress.",30000,365611,36,"2026-01-29T17:42:00.000Z","4.7","5.6.20",[19,122,20,81,82],"disable","https:\u002F\u002Fperishablepress.com\u002Fdisable-wp-rest-api\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-wp-rest-api.2.6.7.zip",{"slug":82,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":33,"num_ratings":134,"last_updated":135,"tested_up_to":136,"requires_at_least":137,"requires_php":138,"tags":139,"homepage":140,"download_link":141,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"WordPress REST API (Version 2)","2.0-beta15","Ryan McCue","https:\u002F\u002Fprofiles.wordpress.org\u002Frmccue\u002F","\u003Cp>WordPress is moving towards becoming a fully-fledged application framework, and we need new APIs. This project was born to create an easy-to-use, easy-to-understand and well-tested framework for creating these APIs, plus creating APIs for core.\u003C\u002Fp>\n\u003Cp>This plugin provides an easy to use REST API, available via HTTP. Grab your site’s data in simple JSON format, including users, posts, taxonomies and more. Retrieving or updating data is as simple as sending a HTTP request.\u003C\u002Fp>\n\u003Cp>Want to get your site’s posts? Simply send a \u003Ccode>GET\u003C\u002Fcode> request to \u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fposts\u003C\u002Fcode>. Update user with ID 4? Send a \u003Ccode>PUT\u003C\u002Fcode> request to \u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u002F4\u003C\u002Fcode>. Get all posts with the search term “awesome”? \u003Ccode>GET \u002Fwp-json\u002Fwp\u002Fv2\u002Fposts?filter[s]=awesome\u003C\u002Fcode>. It’s that easy.\u003C\u002Fp>\n\u003Cp>The WordPress REST API exposes a simple yet easy interface to WP Query, the posts API, post meta API, users API, revisions API and many more. Chances are, if you can do it with WordPress, the API will let you do it.\u003C\u002Fp>\n\u003Cp>The REST API also includes an easy-to-use JavaScript API based on Backbone models, allowing plugin and theme developers to get up and running without needing to know anything about the details of getting connected.\u003C\u002Fp>\n\u003Cp>Check out \u003Ca href=\"http:\u002F\u002Fv2.wp-api.org\u002F\" rel=\"nofollow ugc\">our documentation\u003C\u002Fa> for information on what’s available in the API and how to use it. We’ve also got documentation on extending the API with extra data for plugin and theme developers!\u003C\u002Fp>\n\u003Cp>All tickets for the project are being tracked on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>. You can also take a look at the \u003Ca href=\"http:\u002F\u002Fmake.wp-api.org\u002F\" rel=\"nofollow ugc\">recent updates\u003C\u002Fa> for the project.\u003C\u002Fp>\n","Access your site's data through an easy-to-use HTTP REST API. (Version 2)",10000,533860,34,"2017-11-28T07:07:00.000Z","4.7.32","4.6","",[19,20,81,82],"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frest-api.2.0-beta15.zip",{"attackSurface":143,"codeSignals":155,"taintFlows":162,"riskAssessment":163,"analyzedAt":174},{"hooks":144,"ajaxHandlers":151,"restRoutes":152,"shortcodes":153,"cronEvents":154,"entryPointCount":13,"unprotectedCount":13},[145],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","rest_api_init","init_wp_rest_multiple_posttype_endpoint","plugin.php",28,[],[],[],[],{"dangerousFunctions":156,"sqlUsage":157,"outputEscaping":159,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":161},[],{"prepared":13,"raw":13,"locations":158},[],{"escaped":13,"rawEcho":13,"locations":160},[],[],[],{"summary":164,"deductions":165},"The \"wp-api-multiple-posttype\" v1.0.3 plugin demonstrates a strong security posture based on the provided static analysis. The absence of any identified entry points like AJAX handlers, REST API routes, shortcodes, or cron events, significantly limits its attack surface. Furthermore, the code signals show a clean slate: no dangerous functions, SQL queries are exclusively prepared, output is properly escaped, and there are no file operations or external HTTP requests.  The lack of any recorded vulnerabilities in its history, including CVEs, further reinforces its current secure state. \n\nHowever, the analysis also highlights a potential concern: the complete absence of capability checks and nonce checks is notable. While the lack of entry points currently mitigates the risk associated with these omissions, it suggests that if functionality were to be added or exposed in the future, it might lack crucial security layers. The absence of taint analysis results (all flows analyzed is 0) also means that potential vulnerabilities within the code, if any exist, have not been detected. \n\nIn conclusion, the plugin currently appears very secure due to its minimal attack surface and clean code signals. Its vulnerability history is a strong positive indicator. The primary area for improvement would be to implement robust capability and nonce checks for any present or future functionality to ensure it remains secure as it evolves. The lack of taint analysis is a gap that could be addressed in a more comprehensive audit.",[166,169,171],{"reason":167,"points":168},"No capability checks found",10,{"reason":170,"points":168},"No nonce checks found",{"reason":172,"points":173},"No taint flows analyzed",5,"2026-03-16T20:51:08.767Z",{"wat":176,"direct":182},{"assetPaths":177,"generatorPatterns":179,"scriptPaths":180,"versionParams":181},[178],"\u002Fwp-content\u002Fplugins\u002Fwp-api-multiple-posttype\u002Flib\u002Fendpoints\u002Fclass-wp-rest-multiple-posttype-controller.php",[],[],[],{"cssClasses":183,"htmlComments":184,"htmlAttributes":185,"restEndpoints":186,"jsGlobals":188,"shortcodeOutput":189},[],[],[],[187],"\u002Fwp-json\u002Fwp\u002Fv2\u002Fposts",[],[]]