Basic auth is a very common username/password authentication method, and it’s as strong as the username-password combination and the encryption of the protocol you’re using.
The weakness of basic auth is that if you use it with plain HTTP instead of HTTPS, then the username and password are susceptible to a man-in-the-middle attack.
You can use basic auth, but make sure you are using SSL encryption/HTTPS.
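The point above in code, as an added example that is not part of the original answer: the Basic `Authorization` header is only Base64-encoded, so anything that can read a plain-HTTP request recovers the credentials, and a client can refuse to attach them unless the URL is HTTPS. The function names and the `example.test` URL are assumptions made for illustration.

```python
from __future__ import annotations

import base64
from urllib.parse import urlsplit


def basic_auth_header(username: str, password: str) -> str:
    """Build the Authorization header value for HTTP Basic auth (RFC 7617)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_auth(header_value: str) -> tuple[str, str]:
    """Recover the credentials from a header value.

    No key is involved: Base64 is an encoding, not encryption, so this works
    for anyone who can read the request on the wire.
    """
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    # The username cannot contain ':', so split on the first one only.
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("malformed Basic credentials")
    return user, password


def headers_for(url: str, username: str, password: str) -> dict[str, str]:
    """Client-side guard: attach Basic credentials only to HTTPS URLs."""
    scheme = urlsplit(url).scheme
    if scheme != "https":
        raise ValueError(f"refusing to send Basic credentials over {scheme or 'an unknown scheme'}")
    return {"Authorization": basic_auth_header(username, password)}


if __name__ == "__main__":
    # Constructed sample credentials and URL.
    header = basic_auth_header("alice", "s3cret:pw")
    print(header, "->", decode_basic_auth(header))
    print(headers_for("https://example.test/wp-json/", "alice", "s3cret:pw"))
```
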