{
  "code": "rest_cannot_access",
  "message": "Only logged-in users can access the User endpoint REST API.",
  "data": {
    "status": 401
  }
}
This is something that started recently. I noticed this after I disabled the REST API for WordPress because having the REST API open is a huge security issue.
Security and APIs
It appears that the issue is caused by the plugin using an insecure way to connect with the API, which requires the user endpoints to remain open for the plugin to function. However, this can lead to critical privacy concerns as it leaves the users’ APIs exposed, allowing unauthorized users to scrape all the data from the WordPress website about the users.
Please try restricting specific REST API endpoints (like the user search one); restricting the whole REST API may break HivePress features because it relies on the WordPress API (e.g. all the form requests are made via the REST API). The social login should be OK since it uses a redirect URL and not a REST API one, but in any case the REST API is a core WordPress feature and we can’t fix issues related to disabling it since HivePress also relies on it.
Thanks for the help,
What things or paths do I need to include to make sure that my login for HivePress won’t get cached? My plugin is Hummingbird and I also have Cloudflare for my WordPress.
Right now, I have an issue: logged-in users are not visible on the home page, which is causing them to be confused… I think that this is related to cache issues.
Sorry, I can’t recommend anything specific regarding disabling REST API, I’d recommend leaving it as is. HivePress registers its REST endpoints using the register_rest_route() function (see Developer.WordPress.org). All endpoints start with the “hivepress/” prefix, maybe there’s a way to block all endpoints except those starting with “hivepress/” but this would probably break other WordPress features, such as the block editor.
Please provide more details about the login method you are testing (and in which extension), and we will try to help. Also, this issue looks like a cache issue, so I recommend checking the cache settings and clearing it additionally. Please create a new topic and describe this issue so that we can investigate it in more detail.
P.S. If you purchased a theme or extension, please enter the license key in the forum profile settings, this will enable the Premium Support badge and ensure a 24-hour turnaround time.
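One way to follow the advice in this thread and close only the user routes to anonymous requests, leaving every other route (including those under the "hivepress/" prefix) untouched. This is an added example, not code from the original posts or from HivePress; the function name, the constant and the blocked-prefix list are assumptions, and it assumes the file is loaded as a small must-use plugin.

```php
<?php
/**
 * Added example: refuse anonymous requests to selected REST route prefixes only.
 * Names below are hypothetical and not part of WordPress or HivePress.
 */

// Assumed list of prefixes to close for visitors who are not logged in.
// Routes under "hivepress/" are deliberately absent, so they keep working.
const EXAMPLE_PRIVATE_ROUTE_PREFIXES = array( '/wp/v2/users' );

/**
 * Return true when $route falls under a private prefix and the caller is anonymous.
 */
function example_is_private_route( $route, $logged_in ) {
	if ( $logged_in ) {
		return false;
	}
	// Normalise case and slashes so "/WP/v2/users/" is treated like "/wp/v2/users".
	$route = '/' . trim( strtolower( (string) $route ), '/' );
	foreach ( EXAMPLE_PRIVATE_ROUTE_PREFIXES as $prefix ) {
		// Match the prefix itself or a sub-route, but not e.g. "/wp/v2/users-export".
		if ( $route === $prefix || 0 === strpos( $route, $prefix . '/' ) ) {
			return true;
		}
	}
	return false;
}

// Guard so the helper above can also be exercised outside WordPress.
if ( function_exists( 'add_filter' ) ) {
	add_filter(
		'rest_pre_dispatch',
		function ( $result, $server, $request ) {
			if ( null !== $result ) {
				return $result; // Another filter already produced a response.
			}
			if ( example_is_private_route( $request->get_route(), is_user_logged_in() ) ) {
				return new WP_Error(
					'rest_cannot_access',
					'Authentication required.',
					array( 'status' => 401 )
				);
			}
			return $result; // Null lets WordPress dispatch the request normally.
		},
		10,
		3
	);
}
```

To confirm the behaviour after deployment, request a user route and a "hivepress/" route without cookies: the first should return the 401 JSON body and the second should respond as before.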