## IIS Authorization Rules breaks WP REST-API and results in fail in Site Health

Question

apperently it seems the wordpress rest-api cannot work with restricted authorizations.

when i change the default Allow All Users / this:

to a restricting ad group and remove the All Users (obviously):

which creates this web.config:

<system.webServer>
<security>
<authorization>
<remove users="*" roles="" verbs="" />
</authorization>
</security>
</system.webServer>


all seems fine

at first glance,

but if we go to WP Site Health it reveals this errors:

so it seems the wp REST-Api cannot operate without anonymous / All Users access.

How can i fix this or am i missing something and need to adjust some settings?

thank you

0
6 months 2022-01-28T04:17:46-05:00 0 Answers 0 views 0