<div>
Thanks for sharing these links. &nbsp;I will review them.
</div>


Thanks for sharing these links.  I will review them.

<div>
You are welcome. &nbsp;The second has the links to the different security plugins based on the authentication type you want like oauth, app passwords, et cetera. &nbsp;Figured you would want to go through background material and choose for yourself. &nbsp;With Cross-Origin Resource Sharing (CORS) in the mix, in most cases simple JavaScript cannot be used off domain with a proxy and callbacks; therefore, you get a little extra security through the effort it will take to write code for your typical internal user. &nbsp;If your site is open to anyone to sign up, hopefully you can mitigate concern.<br />
<br />
Good luck!
</div>


You are welcome.  The second has the links to the different security plugins based on the authentication type you want like oauth, app passwords, et cetera.  Figured you would want to go through background material and choose for yourself.  With Cross-Origin Resource Sharing (CORS) in the mix, in most cases simple JavaScript cannot be used off domain with a proxy and callbacks; therefore, you get a little extra security through the effort it will take to write code for your typical internal user.  If your site is open to anyone to sign up, hopefully you can mitigate concern.

Good luck!

<div>
<div class="content wysiwyg-content">
Hi,<br />
<br />
We are on version 4.8.1 and wanting to make use of the WordPress API. &nbsp;We have an iOS app and wanted to see is there a restrict who can use the WordPress API? &nbsp;From what I've been reading it looks like it's open and enabled by default. &nbsp;I'm wanting to restrict everyone, but at the same time have a dedicated maybe service type account that can use the API.<br />
<br />
How can this be done?
</div>
</div>


Hi,

We are on version 4.8.1 and wanting to make use of the WordPress API.  We have an iOS app and wanted to see is there a restrict who can use the WordPress API?  From what I've been reading it looks like it's open and enabled by default.  I'm wanting to restrict everyone, but at the same time have a dedicated maybe service type account that can use the API.

How can this be done?

WordPress REST API security?

WordPress is a free and open-source content management system (CMS) based on PHP and MySQL for creating websites and blogs. Features include a plugin architecture, a template system and strong management, customization and search systems; through its dynamic presentation of content, webmasters have the flexibility to create websites easily.