JWT installed – API endpoints still open to public

  • Plugin installed:
    JWT Auth – WordPress JSON Web Token Authentication

    WordPress – 6.11
    PHP -7.4.22


    we can generate a AUTH Token to the REST api
    /wp-json/jwt-auth/v1/token?| POST

    and do a API call using POSTMAN JWT Authorisation Bearer | Token

    this all works!

    However, the same API URLS are still public accessible.
    The JWT plugin has not blocked public access to the API .

    All REST API should now require AUTH access.

    I can provide access to the server if required

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘JWT installed – API endpoints still open to public’ is closed to new replies.