Using Basic Authentication as an Administrator, I am getting an error code 401 Unauthorized : [rest_cannot_view_plugins] Sorry, you are not allowed to manage plugins for this site. error when I attempt to access the GET /wp-json/wp/v2/plugins endpoint of my server. I can pull Post and Page info with no problem, but when I query against the plugins, I’m getting the 401 error. I’ve confirmed that the userid used in the API call should be able to manage plugins using the CLI tool:
# wp user list-caps $USER | grep plugin activate_plugins edit_plugins update_plugins delete_plugins install_plugins
Any pointers would be appreciated.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
SUGGESTIONS
I suggest the following:
- first ensure you are running WordPress version
5.5.*as this version adds the endpoints for/wp/v2/pluginssee: New and modified REST API endpoints in WordPress 5.5 - using basic authentication issue a request as per the following using curl
curl --user username:password https://example.com/wp-json
The first request should succeed regardless because it will likely be (unless you’ve done otherwise) unsecured.
Then try:
curl --user username:password https://example.com/wp-json/wp/v2/plugins
If this fails you may not have the means to issue basic authentication requests, so add it for the purpose of testing.
Install the following:
https://github.com/WP-API/Basic-Auth/blob/master/basic-auth.php
I’d simply recommend placing that file in your site wp-content/mu-plugins directory. If the directory does not exist, create it first.
Then repeat the curl request:
curl --user username:password https://example.com/wp-json/wp/v2/plugins
If you are authenticated correctly, you should receive back a response appropriate for that endpoint.
TESTS
- I have tested this via first trying on an install
5.3.*and the route does not exist (as we should expect) - I have tested this on an install
5.5.*and the route does exist as expected but requires an authentication method (for testing I have used Basic Authentication) and you can read more about Authentication methods in general here: https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/
NOTE (on authentication):
Depending on what you are trying to achieve you may benefit from more robust authentication like OAuth or Application Passwords (see https://wordpress.org/plugins/application-passwords/) but here the choice is ultimately yours, Basic Authentication may suffice, but be mindful of security considerations around storing plain text username and passwords for the given user making the request. You may want to create a specific use with just enough permissions/capabilities for this purpose if relying on Basic Authentication.
Useful reading:
- https://developer.wordpress.org/rest-api/
- https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/
- https://github.com/WP-API/Basic-Auth/blob/master/basic-auth.php
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0