Skip to main content

WordPress Toolkit security measure breaks WordPress REST API



  • cPRex Jurassic Moderator
    Hey there! I reached out to the WPT team directly about this issue, and here is their response: "Security sets permissions 0644/755 for all files/directories, and 0600 for wp-config.php. It also adds a web server rule to prevent fetching these files via http through the "block access to .htaccess and .htpasswd" function. If you remove the permissions to read .htaccess for the group user, the webserver cannot read it cannot apply rewrite rules for permalinks." What they didn't find, was any code that sets .htaccess to 0600, so they don't believe that specific change is caused by WPT. If you're able to reproduce this issue consistently, can you submit a ticket to our team and then we can take a look and escalate to the WPT team if necessary?
  • nkolvek
    Interference with REST also be shown in site health reports,
  • metabo
    Hi, i had the same problem and after some test i find that the WP Toolkit "maintenance mode" was the problem, disable that, use Elementor's Maintence page and problem solved.

Please sign in to leave a comment.