json-api; not suited for public-facing wp-installs?
-
this shows great promise, it’s a lot less clumsy then the default xml-rpc api.
that being said; the fact that the json-api allows non-authenticated users to call https://blog.url/api/create_post to … create a post (draft) means that json-api should not be deployed on a public-facing wordpress installation.
I hope authentication will indeed be added soonish and that it will be required for admin-actions such as ‘create_post’?
Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
- The topic ‘json-api; not suited for public-facing wp-installs?’ is closed to new replies.