IIS Authorization Rules breaks WP REST-API and results in fail in Site Health
apperently it seems the wordpress rest-api cannot work with restricted authorizations.
when i change the default
Allow All Users / this:
to a restricting ad group and remove the
All Users (obviously):
which creates this
<system.webServer> <security> <authorization> <remove users="*" roles="" verbs="" /> <add accessType="Allow" roles="DOMAINTest-Group" /> </authorization> </security> </system.webServer>
all seems fine
at first glance,
but if we go to WP Site Health it reveals this errors:
so it seems the wp REST-Api cannot operate without
All Users access.
How can i fix this or am i missing something and need to adjust some settings?