Check caching/plugins interference Try using: jQuery.ajax({ type: ‘POST’, url : obj_php.ajax_url_login, beforeSend: function (xhr) { xhr.setRequestHeader(‘X-WP-Nonce’, obj_php.nonce); }, Check that nonce is actually set correctly in the hidden form field and when submitting check the payload in dev console, make sure the key/value match i.e, nonce_check: e7chadas0d Lastly, double check you have it setup according … Read more
Alright, guess I figured it all out: Has WP Core been updated to do JSON Schema – based request argument validation automatically now? It seems that that’s the case, yes. If you provide a proper JSON schema, as shown in the example, when using register_rest_route, payload validation is executed automatically, without the provision of a … Read more
REST API – Authentication/Logon security
How to track all users logged into a site?
You should define which resources you want to protect. I think you have such choices: 1) Protect whole site 2) Protect only posts (without resources) 3) Protect posts & all resources (but only uploads, not wp-content! otherwise you will break your themes/plugins) So, as you say you need 3rd way. In such case, you should … Read more
Social login authentication via wordpress rest api
Cant POST with REST API on WordPress
WP REST API with Basic Auth at target website
Blocking the direct access to images in the upload folder WordPress
Properly process a custom WP REST API request (Authenticate, Authorize + Validate)?