{"id":93752,"date":"2018-11-11T19:08:51","date_gmt":"2018-11-11T19:08:51","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/rest-xmlrpc-data-checker\/"},"modified":"2022-08-04T06:44:57","modified_gmt":"2022-08-04T06:44:57","slug":"rest-xmlrpc-data-checker","status":"publish","type":"plugin","link":"https:\/\/ceb.wordpress.org\/plugins\/rest-xmlrpc-data-checker\/","author":14535036,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.4.0","stable_tag":"1.4.0","tested":"6.0.11","requires":"4.4","requires_php":"5.2.4","requires_plugins":"","header_name":"REST XMLRPC Data Checker","header_author":"Enrico Sorcinelli","header_description":"A WordPress plugin that allow to check JSON REST and XML-RPC API requests and grant access permissions","assets_banners_color":"","last_updated":"2022-08-04 06:44:57","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/github.com\/enrico-sorcinelli\/rest-xmlrpc-data-checker","header_author_uri":"https:\/\/github.com\/enrico-sorcinelli\/rest-xmlrpc-data-checker\/graphs\/contributors","rating":5,"author_block_rating":0,"active_installs":1000,"downloads":11086,"num_ratings":3,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"enrico.sorcinelli","date":"2018-11-11 19:09:31"},"1.0.1":{"tag":"1.0.1","author":"enrico.sorcinelli","date":"2018-11-18 10:42:03"},"1.1.0":{"tag":"1.1.0","author":"enrico.sorcinelli","date":"2018-11-25 10:46:26"},"1.2.1":{"tag":"1.2.1","author":"enrico.sorcinelli","date":"2018-12-03 22:05:34"},"1.2.2":{"tag":"1.2.2","author":"enrico.sorcinelli","date":"2018-12-12 09:23:38"},"1.3.0":{"tag":"1.3.0","author":"enrico.sorcinelli","date":"2019-03-09 19:16:19"},"1.3.1":{"tag":"1.3.1","author":"enrico.sorcinelli","date":"2019-05-28 
21:10:35"},"1.3.2":{"tag":"1.3.2","author":"enrico.sorcinelli","date":"2020-08-14 16:19:24"},"1.4.0":{"tag":"1.4.0","author":"enrico.sorcinelli","date":"2022-08-04 06:44:57"}},"upgrade_notice":{"1.4.0":"<ul>\n<li>Multisite support improvement for superadmin plugin&#039;s caps.<\/li>\n<li>Tested to the latest WordPress release.<\/li>\n<\/ul>","1.3.1":"<ul>\n<li>Allows to use PHP single line comments in trusted network option; allows to prevent to leave blocks comments in <code>post_content<\/code> via XML-RPC.<\/li>\n<\/ul>","1.3.0":"<ul>\n<li>Trusted networks check over IP address found in HTTP headers added by proxy or load balancer is now disabled by default. It can be enabled on plugin settings page.<\/li>\n<\/ul>"},"ratings":{"1":0,"2":0,"3":0,"4":0,"5":3},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":1973092,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":1973092,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.0.1","1.1.0","1.2.1","1.2.2","1.3.0","1.3.1","1.3.2","1.4.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":2096750,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":2096750,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":2047276,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":2047276,"resolution":"4","location":"assets","locale":""},"screenshot-5.png":{"filename":"screenshot-5.png","revision":2047276,"resolution":"5","location":"assets","locale":""}},"screenshots":{"1":"The JSON REST settings section.","2":"The XML-RPC settings section.","3":"The Options settings section.","4":"Enable XML-RPC and REST interfaces on user 
profile\/user edit pages (available only for users with <code>edit_users<\/code> capability).","5":"User list administration screen."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[1556,1118,2299,600,14731],"plugin_category":[54],"plugin_contributors":[158160],"plugin_business_model":[],"class_list":["post-93752","plugin","type-plugin","status-publish","hentry","plugin_tags-api","plugin_tags-json","plugin_tags-rest","plugin_tags-security","plugin_tags-xmlrpc","plugin_category-security-and-spam-protection","plugin_contributors-enricosorcinelli","plugin_committers-enricosorcinelli"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/rest-xmlrpc-data-checker\/assets\/icon-128x128.png?rev=1973092","icon_2x":"https:\/\/ps.w.org\/rest-xmlrpc-data-checker\/assets\/icon-256x256.png?rev=1973092","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/rest-xmlrpc-data-checker\/assets\/screenshot-1.png?rev=2096750","caption":"The JSON REST settings section."},{"src":"https:\/\/ps.w.org\/rest-xmlrpc-data-checker\/assets\/screenshot-2.png?rev=2096750","caption":"The XML-RPC settings section."},{"src":"https:\/\/ps.w.org\/rest-xmlrpc-data-checker\/assets\/screenshot-3.png?rev=2047276","caption":"The Options settings section."},{"src":"https:\/\/ps.w.org\/rest-xmlrpc-data-checker\/assets\/screenshot-4.png?rev=2047276","caption":"Enable XML-RPC and REST interfaces on user profile\/user edit pages (available only for users with <code>edit_users<\/code> capability)."},{"src":"https:\/\/ps.w.org\/rest-xmlrpc-data-checker\/assets\/screenshot-5.png?rev=2047276","caption":"User list administration screen."}],"raw_content":"<!--section=description-->\n<p>JSON REST API and XML-RPC API are powerful ways to remotely interact with WordPress.<\/p>\n\n<p>If you don't have external applications that need to communicate with your WordPress instance using JSON REST API or XML-RPC API you should disable access to them for external 
requests.<\/p>\n\n<p>In the standard WordPress installation JSON REST API and XML-RPC API are enabled by default.\nIn particular, the REST API is also turned on for unlogged (not logged-in) users. This means that your WordPress instance is potentially leaking data, for example anyone could be able to:<\/p>\n\n<ul>\n<li>easily copy your published content natively with the REST API (and not with a web crawler);<\/li>\n<li>get the list of all users (with their ID, nickname and name);<\/li>\n<li>retrieve other information that you didn't want to be public (such as an unlisted published page or a saved media not yet used).<\/li>\n<\/ul>\n\n<p>Although you could do all of this by writing your own code using native filters, this plugin aims to help you control JSON REST API and XML-RPC API access from the administration panel or programmatically by a simple API filter.<\/p>\n\n<h3>Basic Features<\/h3>\n\n<ul>\n<li><strong>Disable REST API<\/strong> interface for unlogged users.<\/li>\n<li><strong>Disable JSONP support<\/strong> on REST API.<\/li>\n<li><strong>Add Basic Authentication<\/strong> to REST API.<\/li>\n<li><strong>Remove<\/strong> REST <code>&lt;link&gt;<\/code> tags, REST <code>Link<\/code> HTTP header and REST Really Simple Discovery (RSD) information.<\/li>\n<li><strong>Setup trusted users, IP\/Networks and endpoints<\/strong> for unlogged users REST requests.<\/li>\n<li><strong>Change REST endpoint prefix<\/strong>.<\/li>\n<li><strong>Disable XML-RPC API<\/strong> interface.<\/li>\n<li><strong>Remove<\/strong> <code>&lt;link&gt;<\/code> to the Really Simple Discovery (RSD) information.<\/li>\n<li><strong>Remove<\/strong> <code>X-Pingback<\/code> HTTP header.<\/li>\n<li><strong>Setup trusted users, IP\/Networks and methods<\/strong> for XML-RPC requests.<\/li>\n<li><strong>Show user's access information<\/strong> in users list administration screen.<\/li>\n<\/ul>\n\n<h3>Usage<\/h3>\n\n<p>Once the plugin is installed you can control settings in the following 
ways:<\/p>\n\n<ul>\n<li>Using the <em>Settings-&gt;REST XML-RPC Data Checker<\/em> administration screen.<\/li>\n<li>Programmatically, by using <code>rest_xmlrpc_data_checker_settings<\/code> filter (see below).<\/li>\n<\/ul>\n\n<h3>API<\/h3>\n\n<h4>Hooks<\/h4>\n\n<p><strong><code>rest_xmlrpc_data_checker_settings<\/code><\/strong><\/p>\n\n<p>Filters plugin settings values.<\/p>\n\n<pre><code>apply_filters( 'rest_xmlrpc_data_checker_settings', array $settings )\n<\/code><\/pre>\n\n<p><strong><code>rest_xmlrpc_data_checker_admin_settings<\/code><\/strong><\/p>\n\n<p>Filter allowing to display or not the plugin settings page in the administration.<\/p>\n\n<pre><code>apply_filters( 'rest_xmlrpc_data_checker_admin_settings', boolean $display )\n<\/code><\/pre>\n\n<p><strong><code>rest_xmlrpc_data_checker_rest_error<\/code><\/strong><\/p>\n\n<p>Filter JSON REST authentication error after plugin checks.<\/p>\n\n<pre><code>apply_filters( 'rest_xmlrpc_data_checker_rest_error', WP_Error|boolean $result )\n<\/code><\/pre>\n\n<p><strong><code>xmlrpc_before_insert_post<\/code><\/strong><\/p>\n\n<p>Filter XML-RPC post data to be inserted via XML-RPC before to insert post into database.<\/p>\n\n<pre><code>apply_filters( 'xmlrpc_before_insert_post', array|IXR_Error $content_struct, WP_User $user )\n<\/code><\/pre>\n\n<!--section=installation-->\n<p>This section describes how to install the plugin and get it working.<\/p>\n\n<ol>\n<li>Upload the plugin files to the <code>\/wp-content\/plugins\/rest-xmlrpc-data-checker<\/code> directory, or install the plugin through the WordPress <em>Plugins<\/em> screen directly.<\/li>\n<li>Activate the plugin through the <em>Plugins<\/em> screen in WordPress.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id='does%20it%20work%20with%20gutenberg%3F'><h3>Does it work with Gutenberg?<\/h3><\/dt>\n<dd><p>Yes<\/p><\/dd>\n<dt id='does%20it%20work%20on%20multisite%3F'><h3>Does it work on Multisite?<\/h3><\/dt>\n<dd><p>Yes<\/p><\/dd>\n<dt 
id='how%20do%20i%20make%20rest%20requests%20using%20basic%20authentication%3F'><h3>How do I make REST requests using Basic Authentication?<\/h3><\/dt>\n<dd><p>In the <em>REST<\/em> tab of plugin settings page you have to:<\/p>\n\n<ul>\n<li>check <strong>Disable REST API interface for unlogged users<\/strong> option<\/li>\n<li>select <strong>Use Basic Authentication<\/strong> in the <em>Authentication<\/em> section<\/li>\n<li>select users whom you want to grant REST access<\/li>\n<li>save changes<\/li>\n<\/ul>\n\n<p>This way, in HTTP REST external requests, users have to add the <code>Authorization<\/code> HTTP header.<\/p>\n\n<p>In order to generate the <code>Authorization<\/code> HTTP header to use with Basic Authentication you simply have to base64 encode the username and password separated by a colon.<\/p>\n\n<p>Here is an example in PHP:<\/p>\n\n<pre><code>$header = 'Authorization: Basic ' . base64_encode( 'my-user:my-password' );\n<\/code><\/pre>\n\n<p><a href=\"https:\/\/gist.github.com\/enrico-sorcinelli\/d33b6889888e95f710bc50a2090a25cf\">Here you can see several examples<\/a> in a variety of languages.<\/p>\n\n<p>Note that Basic Authentication requires sending your username and password with every request. Base64 is an encoding, not encryption, so anyone who can observe the traffic can read the credentials; Basic Authentication should therefore only be used over SSL-secured connections or for local development and testing.\nWithout SSL you are strongly encouraged to turn off Basic Authentication in production environments.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<p>For REST XML-RPC Data Checker changelog, please see <a href=\"https:\/\/github.com\/enrico-sorcinelli\/rest-xmlrpc-data-checker\/releases\">the Releases page on GitHub<\/a>.<\/p>","raw_excerpt":"REST XML-RPC Data Checker allow to check JSON REST and XML-RPC API requests and grant access 
permissions.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ceb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/93752","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ceb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/ceb.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/ceb.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=93752"}],"author":[{"embeddable":true,"href":"https:\/\/ceb.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/enricosorcinelli"}],"wp:attachment":[{"href":"https:\/\/ceb.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=93752"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/ceb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=93752"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/ceb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=93752"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/ceb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=93752"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/ceb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=93752"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/ceb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=93752"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}