[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIB6qM8N_e87IodBi7r-UOtUmEsODRSSmp_PWi7ndcbw":3,"$frj-I3ZWkVWaBxC6KsU7bHn1wjqAuJoHK6g4sTSjbl90":222,"$fENFkknmi17jI_etNAf70UUvwUxOFo0R1I4lCJFFwxEU":227},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":38,"analysis":140,"fingerprints":194},"wp-wpcat-json-rest","wp_wpcat_json_rest","1.2.0","Martin von Berg","https:\u002F\u002Fprofiles.wordpress.org\u002Fmartinvonberg\u002F","\u003Cp>Extend the REST-API to work with WordPress Media-Library. Organize images in Folders. Add and Update images including Metadata and Posts using the images. Access with Authorization only.\u003Cbr \u002F>\nThis plugin extends the REST-API of WordPress to directly access the Media-Library for Images. It is intended to be used together with a Lightroom Plugin or as a stand-alone interface for headless WordPress. The new REST-API endpoints (functions) allow to add additional metadata to images, update existing metadata or update images completely without changing the WordPress-ID. Images may be added to the standard directory hierarchy of wordpress or to an additional folder which allows better organization and searching for images.\u003C\u002Fp>\n\u003Ch3>Authorization\u003C\u002Fh3>\n\u003Cp>With this plugin ALL requests to the REST-API of wordpress require an authorization method in the https-header. It is no longer possible to even read data via the REST-API. There are different authorization methods:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Use your WP-Admin Username and Password + username + Basic-Auth\u003Cbr \u002F>\nThis function is not provided by this plugin. There are plugins that allow Basic-Auth. It works fine with https. Never use it together with http. Your administrator username and password will be submitted to the internet.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Use WP REST application password + Basic auth\u003Cbr \u002F>\nThis works only with wordpress 5.6+ and may be used together with Basic-Auth. The setting is only provided if your website runs with https. So, use it only together with https (see above). I prefer this method and recommend to update to at least WP 5.6. There is a setting to use this method together with http, but this is not recommended.\u003Cbr \u002F>\nProcess:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login to your wordpress-site \u003C\u002Fli>\n\u003Cli>Go to Admin-Panel > User > Profile\u003C\u002Fli>\n\u003Cli>Scroll down to “Application Passwords”\u003C\u002Fli>\n\u003Cli>Provide a useful name for the application in the field underneath\u003C\u002Fli>\n\u003Cli>Click the button “add new application password”\u003C\u002Fli>\n\u003Cli>The new password will be shown. Copy it immediately and store it! It won’t be shown again. Remove the spaces from the password.\u003C\u002Fli>\n\u003Cli>Use the username of the admin and the new generated password in the https-header to access to wordpress \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>OAuth2\u003Cbr \u002F>\nUse existing plugins for the OAuth2 process. Best security compared to the other methods but very complicated to implement on the application side.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Usage (detailed list of endpoints and REST-API-fields)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>REST-API-fields\u003Cbr \u002F>\nThe additional fields are available with the standard REST-API Endpoint: https:\u002F\u002Fwww.example.com\u002Fwp-json\u002Fwp\u002Fv2\u002Fmedia\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>1.1 Field ‘gallery’\u003Cbr \u002F>\nThis field may be used to organize images in galleries. The wordpress standard Media-Library does not provide a sorting scheme to organize images in galleries or topics. So -provided the gallery-plugin supports it- this is a simple way to organize images. Together with the plugin ‘AdvancedCustomFields’ it is possible to search for this field (or others).\u003C\u002Fp>\n\u003Cp>1.2 Field ‘gallery_sort’\u003Cbr \u002F>\nThis field may be used for custom sorting of images shown in an image-slider or gallery. Only Integer values are allowed. Only useable with a plugin that supports this.\u003Cbr \u002F>\nSee for instance: https:\u002F\u002Fgithub.com\u002FMartinvonBerg\u002FFotorama-Leaflet-Elevation.\u003C\u002Fp>\n\u003Cp>1.3 Field ‘md5_original_file’\u003Cbr \u002F>\nThis is an array that provides the MD5-hash-value (checksum) and the file size of the original image file. This data is used for the update process to check prior to the upload whether an image was changed or not. It’s intention is to reduce network load during update process.\u003C\u002Fp>\n\u003Cp>1.4 Example JSON-snippet of the REST-API output for the above mentioned fields\u003C\u002Fp>\n\u003Cp>“gallery”: “Albums”,\u003Cbr \u002F>\n“gallery_sort”: “16”,\u003Cbr \u002F>\n“md5_original_file”: {\u003Cbr \u002F>\n    “MD5”: “FCB639BB8191716A829F7B007056945B”,\u003Cbr \u002F>\n    “size”: 509168\u003Cbr \u002F>\n},\u003C\u002Fp>\n\u003Cp>How to get this: Open you browser and type https:\u002F\u002Fwww.your-domain.whatever\u002Fwp-json\u002Fwp\u002Fv2\u002Fmedia. Use Firefox to get a formatted output of the response. You have to be logged in to get the response.\u003C\u002Fp>\n\u003Cp>1.5 How to write the fields:\u003Cbr \u002F>\nWriting the fields is only possible with authorization. So, check the ‘authorization’ section before. This may be tested with ‘postman’, a great software for testing http(s)-requests.\u003C\u002Fp>\n\u003Cp>Example https-request with POST-method:\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.your-domain.whatever\u002Fwp-json\u002Fwp\u002Fv2\u002Fmedia\u002F666?gallery=test-gallery\u003C\u002Fp>\n\u003Cp>New functionality behind this request\u003Cbr \u002F>\nA POST-request with ‘alt_text’ and \u002F or ‘caption’ will change the content of ALL posts using that image. The ‘alt_text’ and the ‘caption’ are updated if they are used in\u003Cbr \u002F>\ngutenberg blocks ‘image’, ‘gallery’ and ‘media-with-text’. Note: There are many, many other blocks, images, galleries around. For these I couldn’t realize the update of ‘alt-text’ and ‘caption’.\u003C\u002Fp>\n\u003Cp>New Parameter for the above POST-request\u003Cbr \u002F>\nAdd ?docaption=true to the http request and update ALL captions in the content, too. The ‘alt_text’ is always changed in the content, because IMO there could be only one alt_text for an image.\u003Cbr \u002F>\nBut, the caption may depend on the context, so it is up to the user, to change it automatically for all posts or not.\u003C\u002Fp>\n\u003Cp>Mind: It is NOT required to use quotes around the value (here: test-gallery). If you use quotes, they will be used as part of the string in the field gallery.\u003C\u002Fp>\n\u003Cp>1.6 Note on REST-API output\u003Cbr \u002F>\nIt is possible to reduce the REST-API output to dedicated fields. This is much better for overview and reducing net-load.\u003Cbr \u002F>\nExample:\u003Cbr \u002F>\nThe https GET-Request\u003Cbr \u002F>\n‘https:\u002F\u002Fexample.com\u002Fwp-json\u002Fwp\u002Fv2\u002Fmedia\u002F?_fields=id,gallery’\u003Cbr \u002F>\nprovides this response:\u003C\u002Fp>\n\u003Cp>[\u003Cbr \u002F>\n    {\u003Cbr \u002F>\n        “id”: 5013,\u003Cbr \u002F>\n        “gallery”: “Albums4”\u003Cbr \u002F>\n    },\u003Cbr \u002F>\n    {\u003Cbr \u002F>\n        “id”: 5012,\u003Cbr \u002F>\n        “gallery”: “Albums4”\u003Cbr \u002F>\n    },\u003Cbr \u002F>\n    {\u003Cbr \u002F>\n        “id”: 5011,\u003Cbr \u002F>\n        “gallery”: “Foto_Albums\u002FAlbums3”\u003Cbr \u002F>\n    },\u003Cbr \u002F>\n    {\u003Cbr \u002F>\n        “id”: 4932,\u003Cbr \u002F>\n        “gallery”: “Foto_Albums\u002FFranken-Dennenlohe”\u003Cbr \u002F>\n    },\u003Cbr \u002F>\n    {\u003Cbr \u002F>\n        “id”: 4930,\u003Cbr \u002F>\n        “gallery”: “Foto_Albums\u002FFranken-Dennenlohe”\u003Cbr \u002F>\n    },\u003Cbr \u002F>\n    {\u003Cbr \u002F>\n        “id”: 4929,\u003Cbr \u002F>\n        “gallery”: “Foto_Albums\u002FFranken-Dennenlohe”\u003Cbr \u002F>\n    },\u003Cbr \u002F>\n    {\u003Cbr \u002F>\n        “id”: 4928,\u003Cbr \u002F>\n        “gallery”: “Foto_Albums\u002FFranken-Dennenlohe”\u003Cbr \u002F>\n    },\u003Cbr \u002F>\n    {\u003Cbr \u002F>\n        “id”: 4927,\u003Cbr \u002F>\n        “gallery”: “Foto_Albums\u002FFranken-Dennenlohe”\u003Cbr \u002F>\n    },\u003Cbr \u002F>\n    {\u003Cbr \u002F>\n        “id”: 4926,\u003Cbr \u002F>\n        “gallery”: “Foto_Albums\u002FFranken-Dennenlohe”\u003Cbr \u002F>\n    },\u003Cbr \u002F>\n    {\u003Cbr \u002F>\n        “id”: 4925,\u003Cbr \u002F>\n        “gallery”: “Foto_Albums\u002FFranken-Dennenlohe”\u003Cbr \u002F>\n    }\u003Cbr \u002F>\n]\u003C\u002Fp>\n\u003Col>\n\u003Cli>New REST-API-Endpoints (aka functions)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>2.1 extmedialib\u002Fv1\u002Fupdate\u002F(?P[\\d]+)\u003Cbr \u002F>\nFunction to update images. Only integer values will be accepted for the ‘id’.\u003C\u002Fp>\n\u003Cp>2.1.1 GET-method to extmedialib\u002Fv1\u002Fupdate\u002F(?P[\\d]+)\u003Cbr \u002F>\nThis function is just there for completeness. It provides some information for an existing image. The response to a GET-method to …\u002Fwp-json\u002Fextmedialib\u002Fv1\u002Fupdate\u002F is the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n\"message\": \"You requested update of original Image with ID 5013 with GET-Method. Please update with POST-Method.\",\n\"original-file\": \"C:\\\\Bitnami\\\\wordpress-5.2.2-0\\\\apps\\\\wordpress\\\\htdocs\u002Fwp-content\u002Fuploads\u002FAlbums4\u002FFriaul_2019_10-169_DxO.jpg\",\n\"md5_original_file\": \"01CE0E6A16954C87586E9BF16044FDA0\",\n\"max_upload_size\": \"41943040 bytes\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If the given wordpress-id does not exist it returns with http status-code 404.\u003C\u002Fp>\n\u003Cp>2.1.2 POST-method to extmedialib\u002Fv1\u002Fupdate\u002F(?P[\\d]+)\u003Cbr \u002F>\nThis function updates the complete image including metadata. The given wordpress-id remains unchanged. Only the image-files that belong to that wordpress-id will be updated. All image sub-sizes will be regenerated. All metadata will be updated according to the EXIF-data in the provided image. To complete the update process it is required to set the fields ‘title’, ‘caption’, ‘alt_text’ and ‘description’ with the standard REST-API-methods (see above). The function ‘update_meta’ is included.\u003C\u002Fp>\n\u003Cp>Note on image resizing: WordPress sets the standard resize quality to 82%. A setting of 100% was tested but with that the image-files were rather big.\u003Cbr \u002F>\nThe setting may be changed in the PHP-code only. Up to now there is now administration panel for the settings of this plugin. A programatical setting was added for that in version 0.0.18.\u003C\u002Fp>\n\u003Cp>Note on image size: WordPress scales all images with pixel length (long side) greater than 2560 pixels down to this size. The bigger images will be stored in the ..\u002Fuploads-directory but NOT used for the wordpress pages. So, it is not useful to upload images bigger than 2560 pixels. This may be changed by setting the ‘big_image_size_threshold’ by a dedicated hook. This is out of scope of this plugin.\u003C\u002Fp>\n\u003Cp>Header for POST-method\u003Cbr \u002F>\nTo define the content-type the following fields have to be added to the header:\u003Cbr \u002F>\n    {field=’Content-Disposition’, value=’form-data; filename=\u003Cnewfile.jpg>’ },\u003Cbr \u002F>\n    {field=’Content-Type’, value=’image\u002Fjpeg’},\u003Cbr \u002F>\n    OR\u003Cbr \u002F>\n    {field=’Content-Type’, value=’image\u002Fwebp’},\u003C\u002Fp>\n\u003Cp>Body for POST-method\u003Cbr \u002F>\nThe new Webp- or JPG-file has to be provided in the body as binary string. Checks in mime-type and size are done to prevent the user from uploading wrong data.\u003C\u002Fp>\n\u003Cp>New Parameter for the POST-request\u003Cbr \u002F>\nAdd ‘?changemime=true to the http request and update the file with one that does have another mime-type.\u003C\u002Fp>\n\u003Cp>2.2 extmedialib\u002Fv1\u002Fupdate_meta\u002F(?P[\\d]+)\u003Cbr \u002F>\nFunction to update metadata of images. Only integer values will be accepted for the id.\u003C\u002Fp>\n\u003Cp>2.2.1 GET-method to extmedialib\u002Fv1\u002Fupdate_meta\u002F(?P[\\d]+)\u003Cbr \u002F>\nThis function is just there for completeness.\u003Cbr \u002F>\nThe response to a GET-method to ‘…\u002Fwp-json\u002Fextmedialib\u002Fv1\u002Fupdate_meta\u002Fwordpress-id’ is not executed. It may be used to check whether the image with the given wordpress-id is available. The response provides the http-status-code 405, if so. This could be done with a standard REST-request, too.\u003C\u002Fp>\n\u003Cp>2.2.2 POST-method to extmedialib\u002Fv1\u002Fupdate_meta\u002F(?P[\\d]+)\u003Cbr \u002F>\nThis function updates the metadata of an existing image. It does not access the metadata that may be easily changed with the standard REST-API methods of wordpress (see there). It is only done if the ‘wordpress-id’ is a valid image and was added to the media-library before. For Jpegs it does NOT change ‘aperture, camera, created_timestamp, focal_length, iso, shutter_speed and orientation’. It is not very useful to change this data for an existing jpg-image. As the data is NOT set by WP for webp-images it is possible to add this data for Webp-Images now. The update or addition is done with a valid JSON-body and the respective settings in the http-header.\u003C\u002Fp>\n\u003Cp>Header for POST-method\u003Cbr \u002F>\nTo define the content-type the following fields have to be added to the header:\u003Cbr \u002F>\n    {field=’Content-Type’, value=’application\u002Fjson’}\u003C\u002Fp>\n\u003Cp>Example Body for POST-method\u003Cbr \u002F>\n    The JSON has to be formatted like that:\u003Cbr \u002F>\n    {\u003Cbr \u002F>\n        “image_meta”: {\u003Cbr \u002F>\n                “credit”: “Martin von Berg”,\u003Cbr \u002F>\n                “caption”: “Test-caption”,\u003Cbr \u002F>\n                “copyright”: “Copyright by Martin von Berg”,\u003Cbr \u002F>\n                “title”: “Auffahrt zum Vallone d`Urtier”,\u003Cbr \u002F>\n                “keywords”: [\u003Cbr \u002F>\n                    “Aosta”,\u003Cbr \u002F>\n                    “Aostatal”,\u003Cbr \u002F>\n                    “Berge”,\u003Cbr \u002F>\n                    “Bike”,\u003Cbr \u002F>\n                    “Italien”,\u003Cbr \u002F>\n                    “Sommer”,\u003Cbr \u002F>\n                    “Wald”,\u003Cbr \u002F>\n                    “Wiese”,\u003Cbr \u002F>\n                    “forest”,\u003Cbr \u002F>\n                    “italy”,\u003Cbr \u002F>\n                    “lärche”,\u003Cbr \u002F>\n                    “meadow”,\u003Cbr \u002F>\n                    “mountains”,\u003Cbr \u002F>\n                    “summer”\u003Cbr \u002F>\n                ]\u003Cbr \u002F>\n            }\u003Cbr \u002F>\n    }\u003C\u002Fp>\n\u003Cp>All fields that are provided in the JSON will be changed. Empty fields will reset the content to an empty string “”.\u003C\u002Fp>\n\u003Cp>2.3 extmedialib\u002Fv1\u002Faddtofolder\u002F(?P[a-zA-Z0-9\\\u002F\\-_]*)\u003Cbr \u002F>\nThis function stores images aside the wordpress standard folders but make them available in the media-library by generating a new wordpress-id. The ‘folder’ must not contain other characters than a-z, A-Z, 0-9, _ and -.\u003C\u002Fp>\n\u003Cp>2.3.1 GET-method to extmedialib\u002Fv1\u002Faddtofolder\u002F(?P[a-zA-Z0-9\\\u002F\\-_]*)\u003Cbr \u002F>\nThis function is just there for completeness and simple checking. The response to a GET-method to ‘…\u002Fwp-json\u002Fextmedialib\u002Fv1\u002Faddtofolder\u002Ffoldername’ simply gives the information whether the folder already exists or not.\u003C\u002Fp>\n\u003Cp>2.3.2 POST-method to extmedialib\u002Fv1\u002Faddtofolder\u002F(?P[a-zA-Z0-9\\\u002F\\-_]*)\u003Cbr \u002F>\nWith the POST-method an image will be added to the given folder and with a new wordpress id. The response provides the new id and some basic information about the added image file.\u003C\u002Fp>\n\u003Cp>Header for POST-method\u003Cbr \u002F>\nTo define the content-type the following fields have to be added to the header:\u003Cbr \u002F>\n    {field=’Content-Disposition’, value=’form-data; filename='\u003Cnewfile.jpg> },\u003Cbr \u002F>\n    {field=’Content-Type’, value=’image\u002Fjpeg’},\u003Cbr \u002F>\n    OR\u003Cbr \u002F>\n    {field=’Content-Type’, value=’image\u002Fwebp’},\u003C\u002Fp>\n\u003Cp>Body for POST-method\u003Cbr \u002F>\nThe new JPG-file has to be provided in the body as binary string. Checks for mime-type and size are done to prevent the user from uploading wrong images.\u003C\u002Fp>\n\u003Cp>2.4 extmedialib\u002Fv1\u002Faddfromfolder\u002F(?P[a-zA-Z0-9\\\u002F\\-_]*)\u003Cbr \u002F>\nThis function adds already uploaded images to the media-library. This is useful for images that were uploaded with ftp before. The ‘folder’ must not contain other characters than a-z, A-Z, 0-9, _ and -.\u003C\u002Fp>\n\u003Cp>2.4.1 GET-method to extmedialib\u002Fv1\u002Faddfromfolder\u002F(?P[a-zA-Z0-9\\\u002F\\-_]*)\u003Cbr \u002F>\nThis method gives information about the folder content. If existing and not empty the folder content will be provided as an array. The array provides now the id’s and original-files that are already in the media-library.\u003C\u002Fp>\n\u003Cp>2.4.2 POST-method to extmedialib\u002Fv1\u002Faddfromfolder\u002F(?P[a-zA-Z0-9\\\u002F\\-_]*)\u003Cbr \u002F>\nWith the POST-method all images from the given ‘folder’ will be added to the media-library. Image-Files that were already added before from THAT dedicated folder will be skipped. The response contains an JSON-array with IDs to be stored in the application (e.g. Lightroom) for later access. Mind that this might be a long running process. If it runs too long it will be stopped by the server and the addition is NOT complete. So, the recommendation is to do this step by step, e.g. 10 images maximum per step.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Tests\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>3.0 Linting with phpstan\u003Cbr \u002F>\nCode quality was checked with phpstan and WP extensions ‘szepeviktor\u002Fphpstan-wordpress’ and ‘phpstan\u002Fextension-installer’.\u003Cbr \u002F>\nLevel 5 is OK except 19 remaining Errors. These were carefully reviewed and regarded as OK.\u003Cbr \u002F>\nCommand: php .\\vendor\\phpstan\\phpstan\\phpstan analyse classes inc .\\wp_wpcat_json_rest.php –memory-limit 1G\u003C\u002Fp>\n\u003Cp>3.1. Unit-Tests\u003Cbr \u002F>\nMeaningful Unit-Tests are now done with PHPUnit. The files are located in .\u002Ftests.\u003C\u002Fp>\n\u003Cp>3.2. Integration Test\u003Cbr \u002F>\nWell, IMO this is mainly the (de-)installation procedure for the plugins. Tested manually. Works\u003C\u002Fp>\n\u003Cp>3.3 System Test\u003Cbr \u002F>\nThe plugin is now ‘completely’ system tested with a new python test suite (PTS). The PTS uses pytest and a bunch of other python modules that have to be installed in the Python environment.\u003Cbr \u002F>\nI tried to reach a ‘branch coverage’ of 100% concerning the functional branches. It’s almost impossible to test the paths that were implemented for very special\u003Cbr \u002F>\nerrors on the server (domain of unit tests). The testdata contains *.webp and *.jpg files with different sizes. The use cases are ‘upload image file’, ‘change metadata’, ‘change mime type’,\u003Cbr \u002F>\n‘update image file’, ‘create posts (Gutenberg: image, gallery, image-with-text )’ and ‘delete’. Tests were conducted on a local and remote site. Additionally I\u003Cbr \u002F>\nchecked the results of query monitor for every REST-request that uses a function from me. No PHP-errors at all. So, all tests passed. I could not\u003Cbr \u002F>\nclaim a code coverage of 100% or even a test coverage of 100%. That is almost impossible.\u003C\u002Fp>\n\u003Cp>3.3.1 How to repeat the system test\u003Cbr \u002F>\n– Install an empty, new WP site\u003Cbr \u002F>\n– Install this plugin\u003Cbr \u002F>\n– Install Query Monitor plugin\u003Cbr \u002F>\n– Clone the complete code from github to your local site\u003Cbr \u002F>\n– change the directory to the  ….\u002Ftest directory in the cloned repository\u003Cbr \u002F>\n– provide a wp_site.json as described in .\u002Ftest\u002Ftest_rest-api.py\u003Cbr \u002F>\n– run the basic tests with: pytest -k ‘basic’\u003Cbr \u002F>\n– The first run wil fail for one test if the required ‘testfolder’ did not exist on the server.\u003Cbr \u002F>\n– Once more: run the basic tests with: pytest -k ‘basic’. should be 100% PASSED now.\u003Cbr \u002F>\n– Check your WP-testsite and delete the generated image(s)\u003Cbr \u002F>\n– run the full test with: pytest -k ‘testimage or testfield or testpost or cleanup’\u003Cbr \u002F>\n– check the testreport.html after the test\u003Cbr \u002F>\n– OR\u003Cbr \u002F>\n– run the full test and stop it after the post generation with\u003Cbr \u002F>\n–   pytest -k ‘testimage or testfield or testpost or cleanup or testwait’ -s\u003Cbr \u002F>\n– check visually that all posts with image, gallery, image-with-text have flipped images (except one with changed mime-type)\u003Cbr \u002F>\n– continue the test with Enter to delete all generated images, posts etc. from WordPress\u003Cbr \u002F>\n– OR run\u003Cbr \u002F>\n–   pytest -k ‘testimage or testfield or testpost’ –> here you have to delete all generated images, posts etc. from WordPress manually\u003Cbr \u002F>\n–   NOTE: Sometimes the test_clean_up() function does not delete all files in the .\u002Ftestfolder on the server. Don’t know why.\u003Cbr \u002F>\n–   So it is better to check that folder .\u002Ftestfolder is really empty if the test fails.\u003Cbr \u002F>\n– Finally, all tests should be PASSED and GREEN.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin uses the great work from:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>wordpress for coding hints: https:\u002F\u002Fde.wordpress.org\u002F\u003C\u002Fli>\n\u003Cli>authorization hints: https:\u002F\u002Fdeveloper.wordpress.org\u002Frest-api\u002Ffrequently-asked-questions\u002F\u003C\u002Fli>\n\u003Cli>Enable Media Replacer: https:\u002F\u002Fde.wordpress.org\u002Fplugins\u002Fenable-media-replace\u002F I’m using two classes of this great plugin to handle the link updates.\u003C\u002Fli>\n\u003Cli>PHPunit and BrainMonkey for Testing.\u003C\u002Fli>\n\u003C\u002Ful>\n","Extend the REST-API to work with Wordpress Media-Library. Organize images in Folders. Add and Update images including Metadata and Posts using the ima &hellip;",20,5006,0,"2025-12-04T09:10:00.000Z","6.9.4","6.2","7.4",[19,20,21,22,23],"api","image","json","media-library","rest","https:\u002F\u002Fgithub.com\u002FMartinvonBerg\u002FExt_REST_Media_Lib","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-wpcat-json-rest.1.2.0.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"martinvonberg",3,620,30,94,"2026-05-19T23:56:17.158Z",[39,61,83,102,120],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":58,"download_link":59,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"disable-json-api","Disable REST API","1.8","Dave McHale","https:\u002F\u002Fprofiles.wordpress.org\u002Fdmchale\u002F","\u003Cp>The most comprehensive plugin for controlling access to the WordPress REST API!\u003C\u002Fp>\n\u003Cp>Works as a “set it and forget it” install. Just upload and activate, and the entire REST API will be inaccessible to your general site visitors.\u003C\u002Fp>\n\u003Cp>But if you do need to grant access to some endpoints, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints (or entire branches of endpoints) in the REST API.\u003C\u002Fp>\n\u003Cp>You can even do this on a per-user-role basis, so your unauthenticated users have one set of rules while WooCommerce customers have another while Subscribers and Editors and Admins all have their own. NOTE: Out of the box, all defined user roles will still be granted full access to the REST API until you choose to manage those settings.\u003C\u002Fp>\n\u003Cp>For most versions of WordPress, this plugin will return an authentication error if a user is not allowed to access an endpoint. For legacy support, WordPress 4.4, 4.5, and 4.6 use the provided \u003Ccode>rest_enabled\u003C\u002Fcode> filter to disable the entire REST API.\u003C\u002Fp>\n","Disable the use of the REST API on your website to site users. Now with User Role support!",90000,758515,96,38,"2023-09-14T00:26:00.000Z","6.3.8","4.9","5.6",[56,19,21,23,57],"admin","rest-api","http:\u002F\u002Fwww.binarytemplar.com\u002Fdisable-json-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-json-api.zip",85,{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":15,"requires_at_least":74,"requires_php":75,"tags":76,"homepage":81,"download_link":82,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"jwt-authentication-for-wp-rest-api","JWT Authentication for WP REST API","1.5.0","tmeister","https:\u002F\u002Fprofiles.wordpress.org\u002Ftmeister\u002F","\u003Cp>This plugin seamlessly extends the WP REST API, enabling robust and secure authentication using JSON Web Tokens (JWT). It provides a straightforward way to authenticate users via the REST API, returning a standard JWT upon successful login.\u003C\u002Fp>\n\u003Ch3>Key features of this free version include:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Standard JWT Authentication:\u003C\u002Fstrong> Implements the industry-standard \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519\" rel=\"nofollow ugc\">RFC 7519\u003C\u002Fa> for secure claims representation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple Endpoints:\u003C\u002Fstrong> Offers clear \u003Ccode>\u002Ftoken\u003C\u002Fcode> and \u003Ccode>\u002Ftoken\u002Fvalidate\u003C\u002Fcode> endpoints for generating and validating tokens.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Secret Key:\u003C\u002Fstrong> Define your unique secret key via \u003Ccode>wp-config.php\u003C\u002Fcode> for secure token signing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional CORS Support:\u003C\u002Fstrong> Easily enable Cross-Origin Resource Sharing support via a \u003Ccode>wp-config.php\u003C\u002Fcode> constant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Hooks:\u003C\u002Fstrong> Provides filters (\u003Ccode>jwt_auth_expire\u003C\u002Fcode>, \u003Ccode>jwt_auth_token_before_sign\u003C\u002Fcode>, etc.) for customizing token behavior.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>JSON Web Tokens are an open, industry standard method for representing claims securely between two parties.\u003C\u002Fp>\n\u003Cp>For users requiring more advanced capabilities such as multiple signing algorithms (RS256, ES256), token refresh\u002Frevocation, UI-based configuration, or priority support, consider checking out \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_link_soft\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support and Requests:\u003C\u002Fstrong> Please use \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\" rel=\"nofollow ugc\">GitHub Issues\u003C\u002Fa>. For priority support, consider upgrading to \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_support_link\" rel=\"nofollow ugc\">PRO\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>REQUIREMENTS\u003C\u002Fh3>\n\u003Ch4>WP REST API V2\u003C\u002Fh4>\n\u003Cp>This plugin was conceived to extend the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API V2\u003C\u002Fa> plugin features and, of course, was built on top of it.\u003C\u002Fp>\n\u003Cp>So, to use the \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> you need to install and activate \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>PHP\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Minimum PHP version: 7.4.0\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>PHP HTTP Authorization Header Enable\u003C\u002Fh3>\n\u003Cp>Most shared hosting providers have disabled the \u003Cstrong>HTTP Authorization Header\u003C\u002Fstrong> by default.\u003C\u002Fp>\n\u003Cp>To enable this option you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>RewriteEngine on\nRewriteCond %{HTTP:Authorization} ^(.*)\nRewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WPENGINE\u003C\u002Fh4>\n\u003Cp>For WPEngine hosting, you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\u002F1 for more details.\u003C\u002Fp>\n\u003Ch3>CONFIGURATION\u003C\u002Fh3>\n\u003Ch3>Configure the Secret Key\u003C\u002Fh3>\n\u003Cp>The JWT needs a \u003Cstrong>secret key\u003C\u002Fstrong> to sign the token. This \u003Cstrong>secret key\u003C\u002Fstrong> must be unique and never revealed.\u003C\u002Fp>\n\u003Cp>To add the \u003Cstrong>secret key\u003C\u002Fstrong>, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_SECRET_KEY\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_SECRET_KEY', 'your-top-secret-key');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can generate a secure key from: https:\u002F\u002Fapi.wordpress.org\u002Fsecret-key\u002F1.1\u002Fsalt\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Looking for easier configuration?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=config_secret_key_link\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to manage all settings through a simple admin UI.\u003C\u002Fp>\n\u003Ch3>Configure CORS Support\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin has the option to activate \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FCross-origin_resource_sharing\" rel=\"nofollow ugc\">CORS\u003C\u002Fa> support.\u003C\u002Fp>\n\u003Cp>To enable CORS Support, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_CORS_ENABLE\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_CORS_ENABLE', true);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Finally, activate the plugin within your wp-admin.\u003C\u002Fp>\n\u003Ch3>Namespace and Endpoints\u003C\u002Fh3>\n\u003Cp>When the plugin is activated, a new namespace is added:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002Fjwt-auth\u002Fv1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Also, two new endpoints are added to this namespace:\u003C\u002Fp>\n\u003Cp>Endpoint | HTTP Verb\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fem> | POST\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fem> | POST\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Need more functionality?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=endpoints_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> includes additional endpoints for token refresh and revocation.\u003C\u002Fp>\n\u003Ch3>USAGE\u003C\u002Fh3>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fh4>\n\u003Cp>This is the entry point for JWT Authentication.\u003C\u002Fp>\n\u003Cp>It validates the user credentials, \u003Cem>username\u003C\u002Fem> and \u003Cem>password\u003C\u002Fem>, and returns a token to use in future requests to the API if the authentication is correct, or an error if authentication fails.\u003C\u002Fp>\n\u003Cp>Sample Request Using AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>(function() {\n  var app = angular.module('jwtAuth', []);\n\n  app.controller('MainController', function($scope, $http) {\n    var apiHost = 'http:\u002F\u002Fyourdomain.com\u002Fwp-json';\n\n    $http.post(apiHost + '\u002Fjwt-auth\u002Fv1\u002Ftoken', {\n      username: 'admin',\n      password: 'password'\n    })\n    .then(function(response) {\n      console.log(response.data)\n    })\n    .catch(function(error) {\n      console.error('Error', error.data[0]);\n    });\n  });\n})();\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Success Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9qd3QuZGV2IiwiaWF0IjoxNDM4NTcxMDUwLCJuYmYiOjE0Mzg1NzEwNTAsImV4cCI6MTQzOTE3NTg1MCwiZGF0YSI6eyJ1c2VyIjp7ImlkIjoiMSJ9fX0.YNe6AyWW4B7ZwfFE5wJ0O6qQ8QFcYizimDmBy6hCH_8\",\n  \"user_display_name\": \"admin\",\n  \"user_email\": \"admin@localhost.dev\",\n  \"user_nicename\": \"admin\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Error Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_failed\",\n  \"data\": {\n    \"status\": 403\n  },\n  \"message\": \"Invalid Credentials.\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Once you get the token, you must store it somewhere in your application, e.g., in a \u003Cstrong>cookie\u003C\u002Fstrong> or using \u003Cstrong>localStorage\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>From this point, you should pass this token with every API call.\u003C\u002Fp>\n\u003Cp>Sample Call Using The Authorization Header With AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>app.config(function($httpProvider) {\n  $httpProvider.interceptors.push(['$q', '$location', '$cookies', function($q, $location, $cookies) {\n    return {\n      'request': function(config) {\n        config.headers = config.headers || {};\n        \u002F\u002F Assume that you store the token in a cookie\n        var globals = $cookies.getObject('globals') || {};\n        \u002F\u002F If the cookie has the CurrentUser and the token\n        \u002F\u002F add the Authorization header in each request\n        if (globals.currentUser && globals.currentUser.token) {\n          config.headers.Authorization = 'Bearer ' + globals.currentUser.token;\n        }\n        return config;\n      }\n    };\n  }]);\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin will intercept every call to the server and will look for the Authorization Header. If the Authorization header is present, it will try to decode the token and will set the user according to the data stored in it.\u003C\u002Fp>\n\u003Cp>If the token is valid, the API call flow will continue as normal.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sample Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>POST \u002Fresource HTTP\u002F1.1\nHost: server.example.com\nAuthorization: Bearer mF_s9.B5f-4.1JqM\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>ERRORS\u003C\u002Fh3>\n\u003Cp>If the token is invalid, an error will be returned. Here are some sample errors:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Invalid Credentials\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_failed\",\n    \"message\": \"Invalid Credentials.\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Invalid Signature\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Signature verification failed\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Expired Token\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Expired token\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Need advanced error tracking?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=errors_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> offers enhanced error tracking and monitoring capabilities.\u003C\u002Fp>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fh4>\n\u003Cp>This is a simple helper endpoint to validate a token. You only need to make a POST request with the Authorization header.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Valid Token Response\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_valid_token\",\n  \"data\": {\n    \"status\": 200\n  }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>AVAILABLE HOOKS\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin is developer-friendly and provides five filters to override the default settings.\u003C\u002Fp>\n\u003Ch4>jwt_auth_cors_allow_headers\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_cors_allow_headers\u003C\u002Fstrong> filter allows you to modify the available headers when CORS support is enabled.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'Access-Control-Allow-Headers, Content-Type, Authorization'\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_not_before\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_not_before\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.5\" rel=\"nofollow ugc\">\u003Cstrong>nbf\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Creation time - time()\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_expire\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_expire\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.4\" rel=\"nofollow ugc\">\u003Cstrong>exp\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>time() + (DAY_IN_SECONDS * 7)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_token_before_sign\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_sign\u003C\u002Fstrong> filter allows you to modify all token data before it is encoded and signed.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = array(\n    'iss' => get_bloginfo('url'),\n    'iat' => $issuedAt,\n    'nbf' => $notBefore,\n    'exp' => $expire,\n    'data' => array(\n        'user' => array(\n            'id' => $user->data->ID,\n        )\n    )\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Want easier customization?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=hook_payload_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to add custom claims directly through the admin UI.\u003C\u002Fp>\n\u003Ch4>jwt_auth_token_before_dispatch\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_dispatch\u003C\u002Fstrong> filter allows you to modify the response array before it is sent to the client.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$data = array(\n    'token' => $token,\n    'user_email' => $user->data->user_email,\n    'user_nicename' => $user->data->user_nicename,\n    'user_display_name' => $user->data->display_name,\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_algorithm\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_algorithm\u003C\u002Fstrong> filter allows you to modify the signing algorithm.\u003C\u002Fp>\n\u003Cp>Default value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = JWT::encode(\n    apply_filters('jwt_auth_token_before_sign', $token, $user),\n    $secret_key,\n    apply_filters('jwt_auth_algorithm', 'HS256')\n);\n\n\u002F\u002F ...\n\n$token = JWT::decode(\n    $token,\n    new Key($secret_key, apply_filters('jwt_auth_algorithm', 'HS256'))\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>JWT Authentication PRO\u003C\u002Fh3>\n\u003Cp>Elevate your WordPress security and integration capabilities with \u003Cstrong>JWT Authentication PRO\u003C\u002Fstrong>. Building upon the solid foundation of the free version, the PRO version offers advanced features, enhanced security options, and a streamlined user experience:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy Configuration UI:\u003C\u002Fstrong> Manage all settings directly from the WordPress admin area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Endpoint:\u003C\u002Fstrong> Allow users to refresh expired tokens seamlessly without requiring re-login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation Endpoint:\u003C\u002Fstrong> Immediately invalidate specific tokens for enhanced security control.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Token Payload:\u003C\u002Fstrong> Add custom claims to your JWT payload to suit your specific application needs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular CORS Control:\u003C\u002Fstrong> Define allowed origins and headers with more precision directly in the settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Protect your endpoints from abuse with configurable rate limits.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Audit Logs:\u003C\u002Fstrong> Keep track of token generation, validation, and errors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Support:\u003C\u002Fstrong> Get faster, dedicated support directly from the developer.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=pro_section_cta\" rel=\"nofollow ugc\">Upgrade to JWT Authentication PRO Today!\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Free vs. PRO Comparison\u003C\u002Fh3>\n\u003Cp>Here’s a quick look at the key differences:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Basic JWT Authentication:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Generation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Validation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Mechanism:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Management Dashboard:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics & Monitoring:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geo-IP Identification:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Documentation:\u003C\u002Fstrong> Basic (Free), Comprehensive (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Tools:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support:\u003C\u002Fstrong> Community via GitHub (Free), Priority Direct Support (PRO)\u003C\u002Fli>\n\u003C\u002Ful>\n","Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.",60000,906385,88,53,"2026-02-18T00:58:00.000Z","4.2","7.4.0",[77,78,79,57,80],"json-web-authentication","jwt","oauth","wp-api","https:\u002F\u002Fenriquechavez.co","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjwt-authentication-for-wp-rest-api.1.5.0.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":49,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":97,"tags":98,"homepage":100,"download_link":101,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"disable-wp-rest-api","Disable WP REST API","2.6.7","Jeff Starr","https:\u002F\u002Fprofiles.wordpress.org\u002Fspecialk\u002F","\u003Cp>\u003Cstrong>Does one thing:\u003C\u002Fstrong> Completely disables the WordPress REST API for visitors who are not logged into WordPress. No configuration required.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> This plugin completely disables the WP REST API for visitors who are NOT logged in to WordPress. So not recommended if your site needs the WP REST API for any non-logged users.\u003C\u002Fp>\n\u003Cp>👉 The fast, simple way to prevent abuse of your site’s REST\u002FJSON API\u003Cbr \u002F>\n👉 Protects your site’s REST data from all non-logged users and bots\u003Cbr \u002F>\n👉 Uses only 4KB of code, so super lightweight, fast, and effective\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Disable REST\u002FJSON for visitors (not logged in)\u003C\u002Fli>\n\u003Cli>Disables REST header in HTTP response for all users\u003C\u002Fli>\n\u003Cli>Disables REST links in HTML head for all users\u003C\u002Fli>\n\u003Cli>100% plug-and-play, set-it-and-forget solution\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How does it work?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin completely disables the WP REST API \u003Cem>unless\u003C\u002Fem> the user is logged into WordPress.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For logged-in users, WP REST API works normally\u003C\u002Fli>\n\u003Cli>For logged-out users, WP REST API is disabled\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>What happens if logged-out visitor makes a JSON\u002FREST request? They will get only a simple message:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>rest_login_required: REST API restricted to authenticated users.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This message may customized via the filter hook, \u003Ccode>disable_wp_rest_api_error\u003C\u002Fcode>. Check out \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fnot-entirely-for-non-techies\u002F#post-12014965\" rel=\"ugc\">this post\u003C\u002Fa> for an example of how to do it.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way. If anything it \u003Cem>improves\u003C\u002Fem> user privacy, as it protects potentially sensitive information from being displayed\u002Faccessed via REST API.\u003C\u002Fp>\n\u003Cp>Disable WP REST API is developed and maintained by \u003Ca href=\"https:\u002F\u002Fx.com\u002Fperishable\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>, 15-year \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002F\" rel=\"nofollow ugc\">WordPress developer\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002F\" rel=\"nofollow ugc\">book author\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Support development of this plugin\u003C\u002Fh3>\n\u003Cp>I develop and maintain this free plugin with love for the WordPress community. To show support, you can \u003Ca href=\"https:\u002F\u002Fmonzillamedia.com\u002Fdonate.html\" rel=\"nofollow ugc\">make a donation\u003C\u002Fa> or purchase one of my books:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002F\" rel=\"nofollow ugc\">The Tao of WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdigwp.com\u002F\" rel=\"nofollow ugc\">Digging into WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhtaccessbook.com\u002F\" rel=\"nofollow ugc\">.htaccess made easy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002Fwordpress-themes-book\u002F\" rel=\"nofollow ugc\">WordPress Themes In Depth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002Fdownloads\u002Fwizards-collection-sql-recipes-wordpress\u002F\" rel=\"nofollow ugc\">Wizard’s SQL Recipes for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And\u002For purchase one of my premium WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro\u003C\u002Fa> – Blazing fast WordPress firewall\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fblackhole-pro\u002F\" rel=\"nofollow ugc\">Blackhole Pro\u003C\u002Fa> – Automatically block bad bots\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbanhammer-pro\u002F\" rel=\"nofollow ugc\">Banhammer Pro\u003C\u002Fa> – Monitor traffic and ban the bad guys\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fga-google-analytics-pro\u002F\" rel=\"nofollow ugc\">GA Google Analytics Pro\u003C\u002Fa> – Connect WordPress to Google Analytics\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fhead-meta-pro\u002F\" rel=\"nofollow ugc\">Head Meta Pro\u003C\u002Fa> – Ultimate Meta Tags for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Simple Ajax Chat Pro\u003C\u002Fa> – Unlimited chat rooms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fusp-pro\u002F\" rel=\"nofollow ugc\">USP Pro\u003C\u002Fa> – Unlimited front-end forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links, tweets and likes also appreciated. Thank you! 🙂\u003C\u002Fp>\n","Disables the WP REST API for visitors not logged into WordPress.",30000,370274,36,"2026-03-27T18:04:00.000Z","7.0","4.7","5.6.20",[19,99,21,23,57],"disable","https:\u002F\u002Fperishablepress.com\u002Fdisable-wp-rest-api\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-wp-rest-api.2.6.7.zip",{"slug":57,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":116,"tags":117,"homepage":118,"download_link":119,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"WordPress REST API (Version 2)","2.0-beta15","Ryan McCue","https:\u002F\u002Fprofiles.wordpress.org\u002Frmccue\u002F","\u003Cp>WordPress is moving towards becoming a fully-fledged application framework, and we need new APIs. This project was born to create an easy-to-use, easy-to-understand and well-tested framework for creating these APIs, plus creating APIs for core.\u003C\u002Fp>\n\u003Cp>This plugin provides an easy to use REST API, available via HTTP. Grab your site’s data in simple JSON format, including users, posts, taxonomies and more. Retrieving or updating data is as simple as sending a HTTP request.\u003C\u002Fp>\n\u003Cp>Want to get your site’s posts? Simply send a \u003Ccode>GET\u003C\u002Fcode> request to \u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fposts\u003C\u002Fcode>. Update user with ID 4? Send a \u003Ccode>PUT\u003C\u002Fcode> request to \u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u002F4\u003C\u002Fcode>. Get all posts with the search term “awesome”? \u003Ccode>GET \u002Fwp-json\u002Fwp\u002Fv2\u002Fposts?filter[s]=awesome\u003C\u002Fcode>. It’s that easy.\u003C\u002Fp>\n\u003Cp>The WordPress REST API exposes a simple yet easy interface to WP Query, the posts API, post meta API, users API, revisions API and many more. Chances are, if you can do it with WordPress, the API will let you do it.\u003C\u002Fp>\n\u003Cp>The REST API also includes an easy-to-use JavaScript API based on Backbone models, allowing plugin and theme developers to get up and running without needing to know anything about the details of getting connected.\u003C\u002Fp>\n\u003Cp>Check out \u003Ca href=\"http:\u002F\u002Fv2.wp-api.org\u002F\" rel=\"nofollow ugc\">our documentation\u003C\u002Fa> for information on what’s available in the API and how to use it. We’ve also got documentation on extending the API with extra data for plugin and theme developers!\u003C\u002Fp>\n\u003Cp>All tickets for the project are being tracked on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>. You can also take a look at the \u003Ca href=\"http:\u002F\u002Fmake.wp-api.org\u002F\" rel=\"nofollow ugc\">recent updates\u003C\u002Fa> for the project.\u003C\u002Fp>\n","Access your site's data through an easy-to-use HTTP REST API. (Version 2)",10000,534533,84,34,"2017-11-28T07:07:00.000Z","4.7.33","4.6","",[19,21,23,57],"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frest-api.2.0-beta15.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":109,"downloaded":128,"rating":26,"num_ratings":129,"last_updated":130,"tested_up_to":95,"requires_at_least":54,"requires_php":131,"tags":132,"homepage":135,"download_link":136,"security_score":137,"vuln_count":138,"unpatched_count":13,"last_vuln_date":139,"fetched_at":28},"wpgetapi","WPGet API – Connect to any external REST API","2.25.4","David Anderson \u002F Team Updraft","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidanderson\u002F","\u003Cp>Connect WordPress to external APIs, without code.\u003C\u002Fp>\n\u003Cp>Easily send data to any API and get data from unlimited 3rd party REST APIs. Format and display the returned data on your WordPress website using a shortcode or a template tag.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FX50qINEs1yo?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>WPGet API supports virtually all authentication methods including API keys, bearer tokens, basic auth, username\u002Fpassword and \u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdownloads\u002Foauth-2-0-authentication\u002F?utm_campaign=OAuth&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">OAuth 2.0 authorization\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Live Examples\u003C\u002Fh3>\n\u003Cp>View our live examples of connecting to several different APIs and displaying the data in various unique ways including charts, graphs, tables and weather forecasts.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdemo-connecting-wordpress-to-external-api\u002F?utm_campaign=Demo&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">LIVE EXAMPLES – Connecting WordPress to external APIs\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Major Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Connect your WordPress website to any REST API\u003C\u002Fli>\n\u003Cli>Unlimited APIs & endpoints\u003C\u002Fli>\n\u003Cli>No coding required\u003C\u002Fli>\n\u003Cli>Display API data using a template tag or shortcode\u003C\u002Fli>\n\u003Cli>GET, POST, PUT, PATCH & DELETE methods\u003C\u002Fli>\n\u003Cli>Add query string, header & body parameters\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>We have tons of articles and help available.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fquick-start-guide\u002F?utm_campaign=Docs&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Quick Start Guide\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fstep-by-step-example\u002F?utm_campaign=Docs&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Step by Step Example\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Ffrequently-asked-questions\u002F?utm_campaign=Docs&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Frequently Asked Questions\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fwill-this-work-with-my-api\u002F?utm_campaign=OAuth&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Will this work with my API?\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Extending WPGet API\u003C\u002Fh3>\n\u003Ch4>PRO Plugin\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdownloads\u002Fpro-plugin\u002F?utm_campaign=Pro&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">PRO Plugin\u003C\u002Fa>\u003C\u002Fstrong> provides many extra features that allow you to do some more advanced things with your APIs. Features of the PRO Plugin include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Actions – automate your API when an action happens on your site\u003C\u002Fli>\n\u003Cli>Tokens – grab dynamic data without code and send to your API\u003C\u002Fli>\n\u003Cli>Dynamic variables – a PHP solution for grabbing dynamic values\u003C\u002Fli>\n\u003Cli>Chain API calls\u003C\u002Fli>\n\u003Cli>Cache API calls\u003C\u002Fli>\n\u003Cli>Format API data into HTML\u003C\u002Fli>\n\u003Cli>Retrieve nested data\u003C\u002Fli>\n\u003Cli>Base64 encoded auth\u003C\u002Fli>\n\u003Cli>XML format\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>API to Posts Plugin\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdownloads\u002Fapi-to-posts\u002F?utm_campaign=APItoPosts&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">API to Posts Plugin\u003C\u002Fa>\u003C\u002Fstrong> allows you to import API data and create WooCommerce products or custom posts from this API data. Features of the API to Posts Plugin include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Import API data\u003C\u002Fli>\n\u003Cli>Import from unlimited endpoints\u003C\u002Fli>\n\u003Cli>Map API data to WordPress fields\u003C\u002Fli>\n\u003Cli>Supports custom fields, ACF, tags, categories, custom taxonomies, images and more\u003C\u002Fli>\n\u003Cli>Supports all standard WooCommerce fields\u003C\u002Fli>\n\u003Cli>Create WooCommerce products from API data\u003C\u002Fli>\n\u003Cli>Sync API to WooCommerce products & posts\u003C\u002Fli>\n\u003Cli>Set interval of sync from every minutes up to once a week\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>OAuth 2.0 Authorization\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdownloads\u002Foauth-2-0-authentication\u002F?utm_campaign=OAuth&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">OAuth 2.0 Authorization\u003C\u002Fa>\u003C\u002Fstrong> plugin allows authorization of your API through the OAuth 2.0 method.\u003C\u002Fp>\n\u003Ch3>WPGet API Integrations\u003C\u002Fh3>\n\u003Cp>WPGet API integrates extremely well with other WordPress plugins, allowing you to do some very cool things with your API. Click the links below for more info on these integrations.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fconnect-woocommerce-to-api\u002F?utm_campaign=Integrations&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">WooCommerce to API\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fwoocommerce-api-product-sync\u002F?utm_campaign=Integrations&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">WooCommerce API Product Sync\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fsend-contact-form-7-data-to-api\u002F?utm_campaign=Integrations&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Contact Form 7 send data to API\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fsend-wpforms-data-to-api\u002F?utm_campaign=Integrations&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">WPForms send data to API\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fsend-gravity-forms-data-to-api\u002F?utm_campaign=Integrations&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Gravity Forms send data to API\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fusing-with-wpdatatables\u002F?utm_campaign=Integrations&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Charts & Tables from API data using wpDataTables\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translating WPGet API\u003C\u002Fh3>\n\u003Cp>You can translate WPGet API into your own language on \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fwpgetapi\u002F\" rel=\"nofollow ugc\">translate.wordpress.org\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Here is an article to help \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fpolyglots\u002Fhandbook\u002Ftranslating\u002Ffirst-steps\u002F\" rel=\"nofollow ugc\">get started with translations\u003C\u002Fa>\u003C\u002Fp>\n","Connect any REST API to WordPress. WPGet API enables easy API integration, allowing you to display API data without any code.",248131,32,"2026-03-25T10:44:00.000Z","7.2",[19,133,134,21,23],"endpoint","external-api","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpgetapi\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpgetapi.2.25.4.zip",99,2,"2025-03-06 20:56:52",{"attackSurface":141,"codeSignals":176,"taintFlows":184,"riskAssessment":185,"analyzedAt":193},{"hooks":142,"ajaxHandlers":172,"restRoutes":173,"shortcodes":174,"cronEvents":175,"entryPointCount":13,"unprotectedCount":13},[143,150,155,158,162,164,168],{"type":144,"name":145,"callback":146,"priority":147,"file":148,"line":149},"filter","intermediate_image_sizes_advanced","mvbplugins\\extmedialib\\image_subsizes_filter",10,"includes\\handle_subsizes_in_db.php",6,{"type":144,"name":151,"callback":152,"file":153,"line":154},"wp_is_application_passwords_available","__return_true","includes\\require_rest_auth.php",8,{"type":144,"name":156,"callback":157,"file":153,"line":147},"rest_authentication_errors","closure",{"type":159,"name":160,"callback":157,"priority":147,"file":161,"line":35},"action","rest_api_init","includes\\rest_register_functions.php",{"type":159,"name":160,"callback":157,"priority":147,"file":161,"line":163},59,{"type":144,"name":165,"callback":166,"priority":147,"file":167,"line":149},"rest_pre_echo_response","\\mvbplugins\\extmedialib\\trigger_after_rest","includes\\trigger_after_rest.php",{"type":159,"name":160,"callback":169,"file":170,"line":171},"\\mvbplugins\\extmedialib\\register_md5_original","wp_wpcat_json_rest.php",27,[],[],[],[],{"dangerousFunctions":177,"sqlUsage":178,"outputEscaping":181,"fileOperations":179,"externalRequests":13,"nonceChecks":13,"capabilityChecks":138,"bundledLibraries":183},[],{"prepared":179,"raw":13,"locations":180},13,[],{"escaped":138,"rawEcho":13,"locations":182},[],[],[],{"summary":186,"deductions":187},"The \"wp-wpcat-json-rest\" v1.2.0 plugin demonstrates a strong security posture based on the provided static analysis.  It features no identified dangerous functions, all SQL queries utilize prepared statements, and all output is properly escaped.  Furthermore, the absence of external HTTP requests and a minimal attack surface with no REST API routes or AJAX handlers lacking permission callbacks are significant strengths.  The plugin also shows no history of known vulnerabilities, including critical or high severity issues, suggesting a history of secure development practices.\n\nWhile the static analysis reveals no critical security flaws such as unescaped output or unsanitized taint flows, and the vulnerability history is clean, there are a couple of areas for consideration. The plugin performs 13 file operations, which, while not inherently insecure, warrants attention as file operations can sometimes be a vector for vulnerabilities if not handled with extreme care, especially concerning user-supplied input.  Additionally, the plugin has 0 nonce checks, which, in conjunction with the lack of other explicit entry points and permission checks, might indicate a very limited functionality where nonce checks are not strictly necessary for its current scope. However, in a broader context of WordPress security, a complete absence of nonce checks across any component could be a concern if the plugin's functionality were to expand or interact more dynamically with user input in the future.\n\nOverall, the plugin appears to be developed with security in mind, exhibiting good coding practices. The lack of any known CVEs further reinforces this positive assessment. The primary points to note are the file operations and the complete absence of nonce checks, which, given the current data, do not point to immediate exploitable vulnerabilities but are worth keeping in mind for future development and auditing.",[188,190],{"reason":189,"points":33},"13 file operations without explicit security context",{"reason":191,"points":192},"0 nonce checks across all entry points",5,"2026-03-16T23:55:33.016Z",{"wat":195,"direct":206},{"assetPaths":196,"generatorPatterns":200,"scriptPaths":201,"versionParams":203},[197,198,199],"\u002Fwp-content\u002Fplugins\u002Fwp-wpcat-json-rest\u002Fimages\u002F","\u002Fwp-content\u002Fplugins\u002Fwp-wpcat-json-rest\u002Fcss\u002F","\u002Fwp-content\u002Fplugins\u002Fwp-wpcat-json-rest\u002Fjs\u002F",[],[202],"\u002Fwp-content\u002Fplugins\u002Fwp-wpcat-json-rest\u002Fjs\u002Fwp-wpcat-json-rest.js",[204,205],"wp-wpcat-json-rest\u002Fstyle.css?ver=","wp-wpcat-json-rest\u002Fjs\u002Fwp-wpcat-json-rest.js?ver=",{"cssClasses":207,"htmlComments":208,"htmlAttributes":209,"restEndpoints":212,"jsGlobals":219,"shortcodeOutput":221},[],[],[210,211],"data-wpcat-json-rest-gallery","data-wpcat-json-rest-gallery-sort",[213,214,215,216,217,218],"\u002Fwp-json\u002Fextmedialib\u002Fv1\u002Fupdate\u002F(?P\u003Cid>[\\d]+)","\u002Fwp-json\u002Fextmedialib\u002Fv1\u002Fupdate_meta\u002F(?P\u003Cid>[\\d]+)","\u002Fwp-json\u002Fextmedialib\u002Fv1\u002Faddtofolder\u002F(?P\u003Cfolder>[a-zA-Z0-9\\\u002F\\-_]*)","\u002Fwp-json\u002Fextmedialib\u002Fv1\u002Faddfromfolder\u002F(?P\u003Cfolder>[a-zA-Z0-9\\\u002F\\-_]*)","\u002Fwp-json\u002Fextmedialib\u002Fv1\u002Fimagesubsizes","\u002Fwp-json\u002Fextmedialib\u002Fv1\u002Ffiletofolder\u002F(?P\u003Cfolder>[a-zA-Z0-9\\\u002F\\-_]*)",[220],"wpcat_json_rest_settings",[],{"error":223,"url":224,"statusCode":225,"statusMessage":226,"message":226},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-wpcat-json-rest\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":179,"versions":228},[229,235,242,249,256,263,270,277,284,291,298,305,312],{"version":6,"download_url":25,"svn_tag_url":230,"released_at":27,"has_diff":231,"diff_files_changed":232,"diff_lines":27,"trac_diff_url":233,"vulnerabilities":234,"is_current":223},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-wpcat-json-rest\u002Ftags\u002F1.2.0\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-wpcat-json-rest%2Ftags%2F1.1.0&new_path=%2Fwp-wpcat-json-rest%2Ftags%2F1.2.0",[],{"version":236,"download_url":237,"svn_tag_url":238,"released_at":27,"has_diff":231,"diff_files_changed":239,"diff_lines":27,"trac_diff_url":240,"vulnerabilities":241,"is_current":231},"1.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-wpcat-json-rest.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-wpcat-json-rest\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-wpcat-json-rest%2Ftags%2F1.0.0&new_path=%2Fwp-wpcat-json-rest%2Ftags%2F1.1.0",[],{"version":243,"download_url":244,"svn_tag_url":245,"released_at":27,"has_diff":231,"diff_files_changed":246,"diff_lines":27,"trac_diff_url":247,"vulnerabilities":248,"is_current":231},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-wpcat-json-rest.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-wpcat-json-rest\u002Ftags\u002F1.0.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-wpcat-json-rest%2Ftags%2F0.1.5&new_path=%2Fwp-wpcat-json-rest%2Ftags%2F1.0.0",[],{"version":250,"download_url":251,"svn_tag_url":252,"released_at":27,"has_diff":231,"diff_files_changed":253,"diff_lines":27,"trac_diff_url":254,"vulnerabilities":255,"is_current":231},"0.1.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-wpcat-json-rest.0.1.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-wpcat-json-rest\u002Ftags\u002F0.1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-wpcat-json-rest%2Ftags%2F0.1.4&new_path=%2Fwp-wpcat-json-rest%2Ftags%2F0.1.5",[],{"version":257,"download_url":258,"svn_tag_url":259,"released_at":27,"has_diff":231,"diff_files_changed":260,"diff_lines":27,"trac_diff_url":261,"vulnerabilities":262,"is_current":231},"0.1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-wpcat-json-rest.0.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-wpcat-json-rest\u002Ftags\u002F0.1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-wpcat-json-rest%2Ftags%2F0.1.3&new_path=%2Fwp-wpcat-json-rest%2Ftags%2F0.1.4",[],{"version":264,"download_url":265,"svn_tag_url":266,"released_at":27,"has_diff":231,"diff_files_changed":267,"diff_lines":27,"trac_diff_url":268,"vulnerabilities":269,"is_current":231},"0.1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-wpcat-json-rest.0.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-wpcat-json-rest\u002Ftags\u002F0.1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-wpcat-json-rest%2Ftags%2F0.1.2&new_path=%2Fwp-wpcat-json-rest%2Ftags%2F0.1.3",[],{"version":271,"download_url":272,"svn_tag_url":273,"released_at":27,"has_diff":231,"diff_files_changed":274,"diff_lines":27,"trac_diff_url":275,"vulnerabilities":276,"is_current":231},"0.1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-wpcat-json-rest.0.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-wpcat-json-rest\u002Ftags\u002F0.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-wpcat-json-rest%2Ftags%2F0.1.0&new_path=%2Fwp-wpcat-json-rest%2Ftags%2F0.1.2",[],{"version":278,"download_url":279,"svn_tag_url":280,"released_at":27,"has_diff":231,"diff_files_changed":281,"diff_lines":27,"trac_diff_url":282,"vulnerabilities":283,"is_current":231},"0.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-wpcat-json-rest.0.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-wpcat-json-rest\u002Ftags\u002F0.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-wpcat-json-rest%2Ftags%2F0.0.19&new_path=%2Fwp-wpcat-json-rest%2Ftags%2F0.1.0",[],{"version":285,"download_url":286,"svn_tag_url":287,"released_at":27,"has_diff":231,"diff_files_changed":288,"diff_lines":27,"trac_diff_url":289,"vulnerabilities":290,"is_current":231},"0.0.19","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-wpcat-json-rest.0.0.19.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-wpcat-json-rest\u002Ftags\u002F0.0.19\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-wpcat-json-rest%2Ftags%2F0.0.18&new_path=%2Fwp-wpcat-json-rest%2Ftags%2F0.0.19",[],{"version":292,"download_url":293,"svn_tag_url":294,"released_at":27,"has_diff":231,"diff_files_changed":295,"diff_lines":27,"trac_diff_url":296,"vulnerabilities":297,"is_current":231},"0.0.18","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-wpcat-json-rest.0.0.18.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-wpcat-json-rest\u002Ftags\u002F0.0.18\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-wpcat-json-rest%2Ftags%2F0.0.17&new_path=%2Fwp-wpcat-json-rest%2Ftags%2F0.0.18",[],{"version":299,"download_url":300,"svn_tag_url":301,"released_at":27,"has_diff":231,"diff_files_changed":302,"diff_lines":27,"trac_diff_url":303,"vulnerabilities":304,"is_current":231},"0.0.17","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-wpcat-json-rest.0.0.17.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-wpcat-json-rest\u002Ftags\u002F0.0.17\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-wpcat-json-rest%2Ftags%2F0.0.16&new_path=%2Fwp-wpcat-json-rest%2Ftags%2F0.0.17",[],{"version":306,"download_url":307,"svn_tag_url":308,"released_at":27,"has_diff":231,"diff_files_changed":309,"diff_lines":27,"trac_diff_url":310,"vulnerabilities":311,"is_current":231},"0.0.16","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-wpcat-json-rest.0.0.16.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-wpcat-json-rest\u002Ftags\u002F0.0.16\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-wpcat-json-rest%2Ftags%2F0.0.15&new_path=%2Fwp-wpcat-json-rest%2Ftags%2F0.0.16",[],{"version":313,"download_url":314,"svn_tag_url":315,"released_at":27,"has_diff":231,"diff_files_changed":316,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":317,"is_current":231},"0.0.15","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-wpcat-json-rest.0.0.15.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-wpcat-json-rest\u002Ftags\u002F0.0.15\u002F",[],[]]