Warning about WordPress REST API if non-authenticated requests blocked

Resolved

Topic Tags: Bug

Overview of the issue

Some users set up their sites to block REST API requests that are not authenticated.

In that case you may find WPML reports that the site does not meet minimum requirements because a test REST API endpoint is not reachable, and the warning banners on the WPML > Support page and in the WPML admin toolbar dropdown cannot be dismissed.

Workaround

Until this is fixed the notice can be removed by editing the file sitepress-multilingual-cms/vendor/wpml/wpml/src/Infrastructure/WordPress/SharedKernel/Server/Application/WordPressRestApiStatus.php

Locate these lines (from line 70):

    // Add basic authentication if present
    if ( isset( $_SERVER['PHP_AUTH_USER'] ) && isset( $_SERVER['PHP_AUTH_PW'] ) ) {
      $args['headers']['Authorization'] =
        'Basic ' . base64_encode( $_SERVER['PHP_AUTH_USER'] . ':' . $_SERVER['PHP_AUTH_PW'] );
    }

then immediately afterwards add these 2 lines:

    // Add authentication from cookies
    $args['cookies'] = $_COOKIE;

That will add the necessary authentication to the request which tests the REST API.

4 Responses to “Warning about WordPress REST API if non-authenticated requests blocked”

antoniusP-2 says:

September 25, 2025 at 4:17 pm

question 1

If I do nothing, and wait till WPML fixes this bug, is that an option

question 2

Do you private field, so I can sent you sensitive info, if question 1 is not applicable, myself I am not able to change this, not sure how?

Regards,
TT

Reply
- Nigel says:
  
  September 25, 2025 at 4:25 pm
  
  Hi there, we will soon publish an update to WPML 4.8.2 where this issue is fixed. Given that the issue just generates a warning notice but does not otherwise affect your site it is probably easiest if you just wait for the update. (Keep an eye out for the announcement.) For future reference, you should create a support ticket if you need help applying code to your site like this, where you can securely share sensitive credentials.
  
  Reply
  - enricoG-22 says:
    
    October 21, 2025 at 10:42 am
    
    Hello, when is the WPML 4.8.2 expected?
    
    Reply
    - Nigel says:
      
      October 21, 2025 at 12:06 pm
      
      Hi there, it is available already (in fact 4.8.3 is available, and 4.8.4 will be released soon).
      
      If you are not seeing the updates available from your plugins page, click the “Registered” link under the WPML plugins to go to the custom installer page (on the Commercial tab of the Add New Plugins page). There click the “Check for Updates” button, which should locate the new versions for installing.
      
      Reply