Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.

Cloudron Forum

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

K

Wordpress JWT Authetication Plugin
Watching Ignoring Scheduled Pinned Locked Moved WordPress (Developer) rewrite htaccess jwt
10

0 Votes

10 Posts

2k Views

G

@ketchalegend I see. With the above htaccess, I got curl -X POST -H "Authorization: Bearer 1234567890" https://wp.domain.com/wp-json/jwt-auth/token {"success":false,"statusCode":403,"code":"jwt_auth_invalid_token","message":"Wrong number of segments","data":[]} So looks like the route is working.
A

Wordpress: restrict access by IP (wp-admin and wp-login.php)
Watching Ignoring Scheduled Pinned Locked Moved Unsolved WordPress (Managed) wordpress cloudron htaccess security nginx
3

0 Votes

3 Posts

13k Views

N

@ahkg the reason for whitelisting 172.18.0.1 give access to all requests, is that this is the ip of the Cloudron internal gateway into the subnet where all apps are running. Unfortunately for your case the cloudron healtcheck also comes via this gateway. I think your htaccess file needs to check for the X-Forwarded-For header to check against the correct inbound address.

Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.

Cloudron Forum

Wordpress JWT Authetication Plugin

Wordpress: restrict access by IP (wp-admin and wp-login.php)