• Resolved myblackf150

    (@myblackf150)


    Hello Kevin,

    Amazing plugin that WORKS!
    However it conflicts with the WP Social plugin
    https://www.ads-software.com/plugins/wp-social/

    When Force Login is activated the WP Social plugin gives this error:
    {“code”:”rest_unauthorized”,”message”:”Only authenticated users can access the REST API.”,”data”:{“status”:401}}

    Is there a work around please?

    Thank you so very much!
    Mike

    • This topic was modified 3 years, 10 months ago by myblackf150.
Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Kevin Vess

    (@kevinvess)

    Hi, thanks for using Force Login!

    This seems to be an AJAX / REST API issue.

    Force Login 5.0 or greater restricts access to the REST API for authorized users only. To allow the REST API to be publicly accessible again, try adding one of the following code snippets to your functions.php file:

    add_filter( 'rest_authentication_errors', '__return_true' );
    

    OR

    remove_filter( 'rest_authentication_errors', 'v_forcelogin_rest_access', 99 );
    
    Thread Starter myblackf150

    (@myblackf150)

    Hello Kevin!
    Thank you so much for replying!
    Curious, will that degrade any of the security whatsoever?

    Thank you again for your amazing hard work!

    Thread Starter myblackf150

    (@myblackf150)

    YOU are a genius good Sir!! That fixed it.
    I can’t thank you enough Kevin!

    Plugin Author Kevin Vess

    (@kevinvess)

    Curious, will that degrade any of the security whatsoever?

    Those code snippets will make your site’s API publicly available. However, it’s not likely someone will stumble upon this, but it may allow a developer access to some content.

    https://developer.www.ads-software.com/rest-api/

    Thread Starter myblackf150

    (@myblackf150)

    Thank you again Kevin.
    Would they had privy to the APIs before your plugin or am I explicitly opening the doors now with that line of code?
    And if I may ask, how sensitive of data can they see and lastly is there a way to just isolate the WP Social API?

    Thank you.

    Kind Regards,

    Mike

    Plugin Author Kevin Vess

    (@kevinvess)

    Would they had privy to the APIs before your plugin or am I explicitly opening the doors now with that line of code?

    Developers would have public access to the API before adding Force Login.

    By adding the remove_filter() code above, you’re removing Force Login’s added security to block the WordPress API from being publicly accessible.

    However, the add_filter() code above sets the REST API authentication to always be true or accessible; this might open access to otherwise authentication required endpoints.

    how sensitive of data can they see?

    You’ll have to read through the developer docs about the WordPress REST API to understand how it allows access to your site data.

    “The REST API is a developer-oriented feature of WordPress. It provides data access to the content of your site, and implements the same authentication restrictions — content that is public on your site is generally publicly accessible via the REST API, while private content, password-protected content, internal users, custom post types, and metadata is only available with authentication or if you specifically set it to be so. If you are not a developer, the most important thing to understand about the API is that it enables the block editor and modern plugin interfaces without compromising the security or privacy of your site.”

    https://developer.www.ads-software.com/rest-api/

    is there a way to just isolate the WP Social API?

    Yes, probably–?but you will need to figure out how to identify that plugin is calling the API to then authenticate / allow it to access the API through the same rest_authentication_errors hook.

    Thread Starter myblackf150

    (@myblackf150)

    Thank you Kevin. You truly are one of a kind! Thank you!!

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘GREAT plugin howeverit conflicts with the WP socilaplugin.’ is closed to new replies.