API call before theme loaded

  • Resolved abrowet

    (@abrowet)


    1 year, 6 months ago

    Hello!

    I’ve implemented some custom API endpoints for a headless WP. Some endpoints are secured using a JWT.

    However, once Wordfence is activated, I start to observe that the API logic is triggered before the theme function is loaded. Therefore the checks are failing and the API block the request although it should have been accepted.

    To demonstrate, I’ve included error_log('setup now'); in and after_setup_theme add_action and error_log('api access check for url:'); when the api check for the JWT

    Here is the result in the error log

    WITHOUT WORDFENCE ACTIVATED
[15-May-2023 10:56:54 UTC] setup now
[15-May-2023 10:56:54 UTC] setup now
[15-May-2023 10:56:54 UTC] jwt called
[15-May-2023 10:56:54 UTC] api access check for url:
[15-May-2023 10:56:54 UTC] /wp-json/realitic/v1/get_forms
[15-May-2023 10:56:54 UTC] jwt called
[15-May-2023 10:56:54 UTC] api access check for url:
[15-May-2023 10:56:54 UTC] /wp-json/realitic/v1/get_forms

WITH WORDFENCE ACTIVATED
[15-May-2023 10:57:54 UTC] api access check for url:
[15-May-2023 10:57:54 UTC] /wp-json/realitic/v1/get_forms
[15-May-2023 10:57:54 UTC] setup now
[15-May-2023 10:57:54 UTC] setup now
[15-May-2023 10:57:54 UTC] jwt called
[15-May-2023 10:57:54 UTC] api access check for url:
[15-May-2023 10:57:54 UTC] /eurohpc_backend/wp-json/realitic/v1/get_forms

    Any idea why this is the case and how to fix this?

    Also, apparently, all API calls are triggered twice, which is the default behavior right?

    Thanks a lot for your help

Viewing 1 replies (of 1 total)
  • Plugin Support wfjanet

    (@wfjanet)

    Hi @abrowet,

    Thank you for reaching out and providing the error logs.

    We don’t provide support for custom code but I had our QA team look into this and here’s a few things you can check:

    • Are you checking if the user is logged in before the init hook? This can cause some of WP’s hooks that Wordfence uses to be called too early.
    • Are you loading any WordPress core files with include or require out of the usual order? This can also cause other hooks to be called out of order.
    • If the site where this is being tested has other plugins, temporarily disable the other plugins and see if the issue still occurs, in case one of the other plugins is doing one of the things above.

    I hope this this helps.

    Thanks,

    Janet.

Viewing 1 replies (of 1 total)
  • The topic ‘API call before theme loaded’ is closed to new replies.