stan-simflightplan
commented
7 months ago UPDATE:
Unsurprisingly it was a problem with WordPress itself, version 6.3.1 works fine, WordPress 6.3.2 exhibits the symptom above.
Important safety tip for GoDaddy hosted cPanel/Linux environments: Even if you have automatic updates disabled in WordPress Admin, you'll still want to go to your My Applications in cPanel, click on View/Edit Details, and under Automatic Update make sure it's not still set to "Update to new minor versions and security releases" which seems to be the default. Thanks GoDaddy for the 2 days of my life I'll never get back.
We have been using Download Manager Pro with Premium Packages and the WPDM REST API for more than a year and it's been working perfectly. We recently (September) updated all of our plugins on a staging site, tested it, then updated the plugins in our live site. It worked fine for some period of time afterwards, but now we are getting a password error on any/all application passwords for all WordPress users. When we deactivate the WPDM - REST API we are able to POST to all standard WordPress endpoints (at least users and posts which is all we're using) in addition to 10 or more custom endpoints we created. As soon as we activate WPDM -REST API again, all POST requests to any of our endpoints fail with an invalid password error.
To eliminate any of our custom code, I created a new WordPress site, added the same theme (esport x-gaming/ecocoded) and all the same plugins as our live site (there are only 7) and the WordPress REST API works fine with several users/application passwords but as soon as the WPDM - REST API plugin is enabled, all POST requests are rejected with a password error.
What is strange is that we "downgraded" to versions of Download Manager, Premium Packages and the WPDM - REST API plugins that we had backed up from October 23, Sept 23, Aug 23, and Dec 22 and none work now. We can confirm everything was working up until October 8th of 2023, but sometime after that all of our POST endpoints started returning password login errors. If we disable the plugin, the POST requests succeed again.