Avoid security risks when using the WordPress REST API plugin (soon to be in core).
Protect yo self or wreck yo self!
Sean Borsodi
WordPress is a database where your content (post, pages, comments, meta data) is stored and a tool to manage that content (CMS). WP core uses an internal API to communicate to the database. The REST API is a way for external tools to communicate to the database.
WP REST API
We used to only have RSS feeds as a way to allow an external tool to access data. Now we have the WP REST API that can use HTTP requests (HEAD “exists?”, GET “view”, DELETE “destroy”, POST “create”, PUT “edit”) to both access and update WordPress content.
Tools
| Postman | A REST client for Chrome. |
|---|
Security
WP REST API supports four HTTP-based Authentication types including cookie, basic, OAuth, and hash-based message authentication code (HMAC).