Make authorization mandatory on custom routes

Late, but maybe helpful for other readers, as I added a solution specifically for the above code of this question.
Solution: Permission Callback function
WordPress: version 5.7.2
PHP: version 7.4
host: hostmonster.com
client: Windows 10
browsers: tested on Chrome, Firefox, even Edge 😜 worked
Code (PHP code in function.php of your installed theme):
add_action('rest_api_init', function() { /** …

Authenticating with REST API

You don’t need plugins for authentication unless you’re making a cross domain request, and to get the nonce, you just create it as you would any other nonce. As the handbook states: For developers making manual Ajax requests, the nonce will need to be passed with each request. The API uses nonces with the action …

current_user_can('administrator') returns false when I’m logged in

Normally for checking for administration privileges you have to check the “manage_options” capability, such as: current_user_can('manage_options'). Alternatively, you want to list the roles with wp_get_current_user()->roles and ensure the “Administrator” role is in that array. The capabilities you are checking for do not exist in a vanilla install of wp.

WP REST API GET Requests require authentication

I’ve been working on a similar issue today. Here’s what I’ve done:
add_filter('rest_dispatch_request', function($dispatch_result, $request, $route, $handler) {
    if (!is_user_logged_in()) {
        $dispatch_result = new WP_Error(
            'rest_not_logged_in',
            __( 'You are not currently logged in.' ),
            array( 'status' => 401 )
        );
    }
    return $dispatch_result;
}, 10, 4);
You may want to use the $handler to determine …

how to send Ajax request in wordpress backend

When you enqueue or localize a script you’re doing it specifically for the front end or the admin. If you want to enqueue or localize a script in both, you have to specifically do it for both. This is used to enqueue/localize for the front end:
add_action( 'wp_enqueue_scripts', 'your_function_front' );
function your_function_front() {
    wp_localize_script('scripts', 'myAjax', array( …

How Authentication in wordpress works? wp_authenticate_username_password()

This is the line you’re looking for: $userdata = get_user_by('login', $username); The get_user_by function calls WP_User::get_data_by and that function eventually executes this SQL: SELECT * FROM $wpdb->users WHERE user_login = $username The hashed password will be contained in the results of that query. Eventually, the wp_check_password function will be called to compare the hashes.

What’s the hook to use immediately after a user is authenticated [duplicate]

Just before testing the login and password, you have the action wp_authenticate: https://codex.wordpress.org/Plugin_API/Action_Reference/wp_authenticate
Just after the test, and only if the login is successful, you have the action wp_login: https://codex.wordpress.org/Plugin_API/Action_Reference/wp_login
And after logging in, you can also modify the URL with the filter login_redirect: https://codex.wordpress.org/Plugin_API/Filter_Reference/login_redirect