Mobile App & REST API Security Recommendations

Mobile App & REST API Security Recommendations

In order to keep your data secure while using your WordPress website or the Event Espresso mobile apps, we highly recommend installing an SSL certificate. Otherwise, personal data, like passwords, can be intercepted and read by others. Please read our earlier article on the importance of SSL certificates and how to get one for your website.

Unable to install an SSL Certificate?

If you are unable to install an SSL Certificate on your website, then our next highest recommendation is installing the Application Passwords WordPress plugin on your website. This will allow the mobile apps to authenticate with your website and pull events and registration data on your behalf.

Once the Application Passwords plugin you can create an application-specific password from the WordPress > Users dashboard. Once you have created an “application password”, you can use it with the mobile apps instead of using your real password. This way, if the password gets intercepted by someone, they don’t have access to your real password, and the application password can be easily revoked.

Want to disable the REST API Security message?

Developers can disable this message by adding this filter to your WordPress install:
//never show warnings, even if using basic auth over http
add_filter(
'EventEspresso__core__libraries__rest_api__controllers__config__handle_request_site_info__insecure_usage_of_basic_auth',
'__return_false' );

Please Remember:
By not installing an SSL Certificate on your website. Your security is at risk and you are exposing your password via an insecure connection.

Need more help?

Do NOT follow this link or you will be banned from the site!