security – Securing REST API wp-json/wp/v2/users endpoint


I am fiddling with the WP REST API to allow updating users through a JavaScript connector. I am using a JWT plugin for this purpose.

The issue is that our Sucuri firewall is blocking access to wp-json/wp/v2/users, as the endpoint exposes user data to malicious users over the Internet.

Our firewall can be configured to whitelist an IP address or an IP range; however, as the script (Google Apps Script) is not being run from our LAN but from Google Cloud, this setting is pretty much useless, as any script run in Google Cloud would be entitled to use the endpoint.

Another firewall setting allows whitelisting a URL, which makes things work, but this leaves the endpoint exposed as explained in the linked article above.

Is there a way to protect the wp-json/wp/v2/users REST API endpoint once it is exposed to the public?

Riccardo, 2022-10-12T09:23:56-05:00, 0 Answers
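One way to enforce authentication on this endpoint inside WordPress itself, shown as an added example that is not part of the original post: a small plugin that rejects anonymous and unprivileged requests to the users routes before they are dispatched. It assumes the JWT plugin sets the current user through WordPress's normal authentication hooks; the function name and error codes are hypothetical.

```php
<?php
/**
 * Plugin Name: Restrict users REST routes (added example)
 */

// Hypothetical callback name; the hook and the functions called are WordPress core.
add_filter( 'rest_pre_dispatch', 'example_restrict_users_routes', 10, 3 );

function example_restrict_users_routes( $result, $server, $request ) {
    // Another filter already answered this request: leave its result alone.
    if ( null !== $result ) {
        return $result;
    }

    // WordPress matches REST routes case-insensitively, so normalise first.
    $route = strtolower( $request->get_route() );

    // Guard /wp/v2/users and every sub-route (/wp/v2/users/123, /wp/v2/users/me).
    if ( ! preg_match( '#^/wp/v2/users(/|$)#', $route ) ) {
        return $result;
    }

    // Anonymous callers (no valid token) get 401 instead of the public user list.
    if ( ! is_user_logged_in() ) {
        return new WP_Error(
            'example_users_auth_required',
            'Authentication is required for this endpoint.',
            array( 'status' => 401 )
        );
    }

    // Authenticated callers must also hold the capability to list users.
    if ( ! current_user_can( 'list_users' ) ) {
        return new WP_Error(
            'example_users_forbidden',
            'You are not allowed to access user data.',
            array( 'status' => 403 )
        );
    }

    // Authorised: continue with normal dispatch and core permission checks.
    return $result;
}
```

With this active, whitelisting the URL at the firewall no longer exposes the user list to anonymous requests, because they receive a 401 before any user data is read. The account behind the JWT token should be a dedicated one holding only the capabilities the connector needs.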

