Wordpress JSON API only working when logged in - wordpress

I seem to be only able to access the wordpress json api when I am logged in in wordpress (no matter which endpoint, even on GET mypage.com/wp-json/). When I remove all cookies or logout and call the endpoint I get redirected to the login-screen.
Is this the desired behavior when I do not use nonces?
This happens on our staging environment, on our live-page everything works, I get results from the JSON API even if I am not logged in.
We created the staging site with the plugin from https://wp-staging.com/
So maybe there is a setting missing which has not been copied over? Or can I turn off checking for authentication / nonces on the API somewhere in the wordpress settings?

It turns out that the WP Staging Plugin has an option to limit access to the staging page which is set to "Administrators" by default. Turned it to "Allow access from all" and now it works.

On a WP website that I was asked to work on - it took me a lot of hours on debugging my own code (initially), then to start investigating the theme and finally deeper in other plugins and wp-core...
After all that, I found that the plugin members has functionality to restrict the rest_api access only to logged-in users.
There is a setting for this in the settings page of the plugin.
REST API -> Require authentication for access to the REST API.
So, I am posting this here, in case it could help someone else to avoid the same headache I encountered with this.

Related

Wordpress ERROR :reCAPTCHA verification failed. Please Try Again

I'm new to wordpress, literally the first time using it, and now i am frustrated because i cannot even get in on the page even as an admin because of the error on the title.
So here's how it went :
i wanted to add social login for my web
i install nextend social login and use the google platform for it
i did every step right (i made sure of it, there's a list of steps in the nextend i just simply follow it)
i copy the secret id and cope, i verify it and i wanted to test it out
so i log out of my user, and i don't even see the google button to login (maybe because i haven't add it (i thought it's automatic))
and so i went to login using user and password turns out it gives me an error
ERROR :reCAPTCHA verification failed. Please Try Again.
i have searched at google, youtube and nothing seems to work, please help
Note : i cannot get into my account
Option 1: Examine what other plugins you have installed.
Perhaps one of them is interfering e.g if you have cache plugin, you might want to clear your browser cache and try again and/or disable the cache plugin entirely
Option 2: Disable and re-install
If you have access to the host account, you can disable and re-install the plugin via phpmyadmin or ftp as shown in the following article.
https://kinsta.com/knowledgebase/disable-wordpress-plugins/
Go to your hosting login to WP through there to your admin panel.
Go to your google reCAPTCHA account get keys and paste them to your reCAPTCHA plugin on Wordpress again.

google recaptcha v3 restore keys

I did something very stupid. In my dashboard on the google recaptcha website I deleted the keys for the wrong website.
Now I can not even login to the admin panel on my Wordpress site anymore to disable recaptcha, because the captcha gives an error when logging in.
Is there a workaround to get logged in to the admin panel so I can disable recaptcha?
Or can I restore my recaptcha-keys in the dashboard somehow?
I can not find either solutions on google.
I can access the files on the FTP server to maybe disable recaptcha in the code somehow? But I can't find the right file.
Any help will be appreciated!
If you are on Cpanel, you can drop down to the "Softalicious" section which will list your WP installations. It also has a login button to take you directly into the admin section. (I installed Cloudflare's Turnstyle. If if finds an error, it says "Veify you are human" ... but provides no method to do just that! So I too had t log in via this backdoor method!)

Weird Caching Issue - WordPress + Ultimate Member + WP Engine + Cloudflare

I am facing a very weird caching issue on my site. The site is hosted on WP Engine with Cloudflare setup. Here is the complete scenario when the user tried to access the site.
When the user upgrades to pro after successful payment, then all the pro listing should be visible to them OR I can say they can access pro listing. But after successful payment when a user tries to access the pro listing it shows you need an upgrade to pro. After hard refresh 2 to 3 times. It works normally.
Note:
I have already reached out to the support team. They are working
on it. I am just want to prepare my self for plan B :)
My site does not have any caching plugin.
I have already bypassed the caching from Cloudflare for that page.
I have added Cache Level to Bypass in page rules. Let me know if I need to add anything else to the page rules.
I am sure it is a caching issue. I am open to suggestions on how to fix that.
Thanks!
you can use wp-super cache plugin.
and you need to clear your browser cache.
I am using wp-engine. when I faced like that, I used wp-super cache plugin.
if the plugin is not working, you are working on different place.
check your file path, please. live site or staging site... because you might make a mistake..

WordPress “wp-admin” redirecting to a user account login

I’m getting a very strange error. When I try to log in to the back-end of WordPress at the address mysite.com/wp-admin, to access the back-end, I am automatically being redirected to mysite.com/login.php... as if I were trying to log into an account as a regular user or a customer.
I’m a novice with WordPress, and I can’t seem to figure this out. Please help.
I have a website which allows some of the users to post available jobs around the block and others apply through it.
Thank You
I'm not using any plugin to implement the front-end at all.
I tried to login using the regular admin credentials and it didn't work.
A way to login the back-end so i can customize the site
It sounds like you have a theme redirect. Try logging into your site using the login page it should function the exact same way. If not try seeing if the theme has any documentation about its redirect. and if you are able to get to the admin section i personally like having ithemes installed which lets me set my own url for the backend. You can also try /wp-login.php as well.

Is there way to check wordpress logs? Like what actions admin has performed etc?

hi friends Is there way to check wordpress logs? Like what actions admin has performed etc?
Actually I am working on a project and someone has deleted my pages templates to trash and my site was down. I want to check who did this in my wordpress admin panel?
I don't think Wordpress has an event log, at least I've never heard of one or seen one. There is a login logger plugin, but it has to be installed and doesn't work retroactively.
In theory, it should be possible to get at least the IP address of the perpetrator from the normal Apache access logs, and searching it for all recent accesses to the /wp-admin folder. That is pretty cumbersome work, though.
You can use a plugin for this: try Stream or its competitors.
You may try this Activity Log Plugin.
If you have tens of users or more, you really can’t know who did what.
This plugin tries to solve this issue by tracking what users do, and
displaying it in an easy to use and easy to filter view on the
dashboard of your WordPress site.
You can try User Activity Log - WordPress Plugin.
It helps you monitor and keep track of all the activities occurs on the admin side. It will give information about log of all user activity and admin get notified when a particular user is logged in.
The following is not about action logs, but error logs, but it is also helpful. If that happened and you have WooCommerce installed, you will have access to logs:
Admin panel->WooCommerce->Status-> a tab: [Logs]

Resources