[code]Target Locationwww.expressvpn.comTarget categoryWebsite TestingvrtServer Security MisconfigurationBug urlhttps://www.expressvpn.com/blog/wp-json/DescriptionGo to https://www.expressvpn.com/blog/wp-json/when you arrive at the page you will see this" {"code":"rest_cannot_access","message":"DRA: Only authenticated users can access the REST API.","data":{"status":401}} "{The misconfiguration } In .htaccess: # BEGIN WordPressRewriteEngine OnRewriteBase /RewriteRule ^index.php$ - [L]RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule . /index.php [L]RewriteCond %{HTTP:Authorization} ^(.)RewriteRule ^(.) - [E=HTTP_AUTHORIZATION:%1]END WordPress{The Fix } Change above to RewriteEngine OnRewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]RewriteBase /RewriteRule ^index.php$ - [L]RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule . /index.php [L]The HTTP_AUTHORIZATION rule has to come before the other rules, this is because the L flag exists, the L flag means (last - stop processing rules), because of this it would never come to that rule if it was after the original wordpress rules.[/code]

as soon as i read the title i knew who made this thread.