Title: Sticklight Author: Elementor Published: 2026 年 5 月 26 日 Last modified: 2026 年 6 月 3 日 --- 搜尋外掛 ![](https://ps.w.org/sticklight/assets/icon.svg?rev=3549373) # Sticklight 由 [Elementor](https://profiles.wordpress.org/elemntor/) 開發 [下載](https://downloads.wordpress.org/plugin/sticklight.1.1.0.zip) * [詳細資料](https://tw.wordpress.org/plugins/sticklight/#description) * [使用者評論](https://tw.wordpress.org/plugins/sticklight/#reviews) * [安裝方式](https://tw.wordpress.org/plugins/sticklight/#installation) * [開發資訊](https://tw.wordpress.org/plugins/sticklight/#developers) [技術支援](https://wordpress.org/support/plugin/sticklight/) ## 外掛說明 Sticklight Connector provides a structured way to use the WordPress user system in external or React-based applications. The plugin extends the WordPress REST API with additional endpoints that allow authenticated clients to retrieve user context and interact with WordPress data, while fully respecting core authentication methods, roles, and capability checks. Sticklight does not replace WordPress authentication. It relies on `wp_authenticate` for credential validation and WordPress Application Passwords for API access, and follows standard permission checks (`current_user_can`) for all requests. #### Typical use cases * React applications connected to a WordPress site * Headless or hybrid WordPress setups * Admin or user dashboards built outside wp-admin * External tools that require authenticated access to WordPress data #### Features * Authenticates via `wp_authenticate` and issues Application Passwords for API access * Adds REST endpoints for login, logout, and retrieving current user context * Enforces WordPress capability checks on all requests * Supports cross-origin headless setups * Extensible via WordPress hooks and filters ### Usage #### Login Authenticate with username (or email) and password: ``` POST /wp-json/sticklight/v1/auth/login ``` On success the response includes an Application Password for subsequent API requests and the authenticated user: ``` { "app_password": "XXXX XXXX XXXX XXXX XXXX XXXX", "user": { "user_id": 1, "username": "admin", "display_name": "Admin", "email": "admin@example.com", "roles": ["administrator"] } } ``` Use the returned `app_password` with HTTP Basic Authentication for all further requests. #### Current user Retrieve the current authenticated user: ``` GET /wp-json/sticklight/v1/auth/me ``` #### Logout Revoke the current Application Password session: ``` POST /wp-json/sticklight/v1/auth/logout ``` #### User registration User creation is handled through the built-in WordPress REST API (`POST /wp-json/ wp/v2/users`) and requires administrator authentication. #### Accessing protected data Requests to any endpoint must pass standard WordPress permission checks. Sticklight does not bypass or override these checks. ### Security Sticklight follows WordPress security practices: * Authenticates via `wp_authenticate`, which respects all security plugin hooks( rate limiting, two-factor authentication, brute-force protection) * Issues Application Passwords scoped to individual sessions * Does not provide user registration — accounts must be created by an administrator * Applies capability checks (`current_user_can`) on all endpoints * Does not expose private data without proper permissions For external applications, it is recommended to: * Use HTTPS * Restrict allowed origins * Avoid exposing sensitive endpoints unnecessarily ## 安裝方式 1. Upload the plugin files to the `/wp-content/plugins/sticklight-connector` directory, or install the plugin through the WordPress plugins screen. 2. Activate the plugin through the **Plugins** screen in WordPress. 3. Ensure permalinks are enabled (**Settings** > **Permalinks**). No additional configuration is required for basic usage. ## 常見問題集 ### Does this plugin replace WordPress authentication? No. It delegates credential validation to `wp_authenticate` and uses WordPress Application Passwords for API access. ### Does it allow bypassing permissions? No. All requests are validated using standard WordPress capability checks. ### Can it be used in headless setups? Yes. It is designed for headless and cross-origin WordPress architectures. ### Does it handle user registration? No. User creation should be done through the built-in WordPress REST API (`POST / wp-json/wp/v2/users`) with administrator authentication. ### Can I extend the endpoints? Yes. Developers can add or modify behavior using WordPress hooks and filters. ## 使用者評論 這個外掛目前沒有任何使用者評論。 ## 參與者及開發者 以下人員參與了開源軟體〈Sticklight〉的開發相關工作。 參與者 * [ Elementor ](https://profiles.wordpress.org/elemntor/) [將〈Sticklight〉外掛本地化為台灣繁體中文版](https://translate.wordpress.org/projects/wp-plugins/sticklight) ### 對開發相關資訊感興趣? 任何人均可[瀏覽程式碼](https://plugins.trac.wordpress.org/browser/sticklight/)、 查看 [SVN 存放庫](https://plugins.svn.wordpress.org/sticklight/),或透過 [RSS](https://plugins.trac.wordpress.org/log/sticklight/?limit=100&mode=stop_on_copy&format=rss) 訂閱[開發記錄](https://plugins.trac.wordpress.org/log/sticklight/)。 ## 變更記錄 #### 1.1.0 * New: Add custom domains to WP REST API cors #### 1.0.0 * Initial release. ## 中繼資料 * 版本 **1.1.0** * 最後更新 **5 天前** * 啟用安裝數 **20+** * WordPress 版本需求 ** 6.8 或更新版本 ** * 已測試相容的 WordPress 版本 **7.0** * PHP 版本需求 ** 7.4 或更新版本 ** * 語言 * [English (US)](https://wordpress.org/plugins/sticklight/) * 標籤: * [api](https://tw.wordpress.org/plugins/tags/api/)[authentication](https://tw.wordpress.org/plugins/tags/authentication/) [headless](https://tw.wordpress.org/plugins/tags/headless/)[react](https://tw.wordpress.org/plugins/tags/react/) [rest-api](https://tw.wordpress.org/plugins/tags/rest-api/) * [進階檢視](https://tw.wordpress.org/plugins/sticklight/advanced/) ## 評分 這個項目尚無任何評論記錄。 [Your review](https://wordpress.org/support/plugin/sticklight/reviews/#new-post) [查看全部使用者評論](https://wordpress.org/support/plugin/sticklight/reviews/) ## 參與者 * [ Elementor ](https://profiles.wordpress.org/elemntor/) ## 技術支援 使用者可在技術支援論壇提出意見反應或使用問題。 [檢視技術支援論壇](https://wordpress.org/support/plugin/sticklight/)