On Dec. 9, after the release of WordPress 4.7, we published a post with some initial precautionary concerns we had about the REST API, including a feature release to allow you to easily disable it in iThemes Security, after being alerted to potential issues. Disabling the REST API was a temporary solution we felt necessarily while we did a full investigation of it. It was not an ideal or a permanent solution, as current, yet little used WordPress features rely on it, but more and more WordPress features will utilize it in the future.
Before I go on about the details of our review and next steps, we also want to acknowledge the countless hours of discussion and consideration around security issues that had been done by the REST API team prior to release. There was never any doubt about that, or their commitment to security on our team.
I want to personally share my (and our) support for the REST API in WordPress, and, perhaps, more importantly, our trust in and appreciation of the amazing team of people who have worked tirelessly for the last several years to get this REST API project into WordPress core.
We’re also incredibly grateful to the thousands of people who have made and
Source: https://managewp.org/articles/14098/update-on-the-wordpress-rest-api-ithemes-security-plugin
source https://williechiu40.wordpress.com/2016/12/29/update-on-the-wordpress-rest-api-ithemes-security-plugin/
No comments:
Post a Comment