WordPress public routes, both API and standard routes

I wanted a list of public WordPress routes for quickly finding routes to test and check security issues, so I generated a list using Bard AI.

My first attempt only provided the API routes. They can be seen below:

===

The following is a list of all routes a site on WordPress can be publicly accessed from by default:

  • /wp-json/ – The root of the WordPress REST API.
  • /wp-json/wp/v2/ – The namespace for the WordPress core REST API.
  • /wp-json/wp/v2/posts/ – A route for managing posts.
  • /wp-json/wp/v2/posts/{id}/ – A route for managing a specific post, where {id} is the post ID.
  • /wp-json/wp/v2/pages/ – A route for managing pages.
  • /wp-json/wp/v2/pages/{id}/ – A route for managing a specific page, where {id} is the page ID.
  • /wp-json/wp/v2/categories/ – A route for managing categories.
  • /wp-json/wp/v2/categories/{id}/ – A route for managing a specific category, where {id} is the category ID.
  • /wp-json/wp/v2/tags/ – A route for managing tags.
  • /wp-json/wp/v2/tags/{id}/ – A route for managing a specific tag, where {id} is the tag ID.
  • /wp-json/wp/v2/users/ – A route for managing users.
  • /wp-json/wp/v2/users/{id}/ – A route for managing a specific user, where {id} is the user ID.
  • /wp-json/wp/v2/media/ – A route for managing media.
  • /wp-json/wp/v2/media/{id}/ – A route for managing a specific media item, where {id} is the media item ID.
  • /wp-json/wp/v2/comments/ – A route for managing comments.
  • /wp-json/wp/v2/comments/{id}/ – A route for managing a specific comment, where {id} is the comment ID.
  • /wp-json/wp/v2/settings/ – A route for managing settings.
  • /wp-json/wp/v2/search/ – A route for searching.

In addition to these default routes, WordPress also allows plugins and themes to register their own custom routes.

It is important to note that the WordPress REST API is exposed by default, but it can be disabled in the WordPress admin settings.

===

I tried again asking for non-API routes, and got a list of important standard routes:

===

The following is a list of all non-API routes a site on WordPress can be publicly accessed from by default:

  • / – The home page of the site.
  • /about/ – The about page of the site.
  • /contact/ – The contact page of the site.
  • /blog/ – The blog page of the site.
  • /category/{slug}/ – A page for displaying all posts in a specific category, where {slug} is the category slug.
  • /tag/{slug}/ – A page for displaying all posts in a specific tag, where {slug} is the tag slug.
  • /archives/{year}/{month}/ – A page for displaying all posts published in a specific year and month.
  • /author/{author_name}/ – A page for displaying all posts published by a specific author, where {author_name} is the author’s name.
  • /wp-login.php – The WordPress login page.
  • /wp-register.php – The WordPress registration page.
  • /wp-admin/ – The WordPress admin dashboard.

In addition to these default routes, WordPress also allows plugins and themes to register their own custom routes.

It is important to note that the WordPress admin dashboard is not publicly accessible by default, but it can be made publicly accessible by changing the WordPress admin settings.

===

This is sufficient for me now, but please note, this is probably not an extensive list.
For an extensive list, please check the official WordPress documentation.

WordPress backup (BackWPup) WARNING File name is too long to save correctly in TarGz archive – tar and zip file name limits explored

While attempting to backup WordPress, I noticed that a warning was being shown.
This warning stated that “WARNING: File name wp-content/uploads/… is too long to be save correctly in TarGz archive”.
The warning seems clear enough, but how long exactly is “too long”, and can this be improved upon?

Searching online gave a few examples of people with similar issues:

The consensus on fixing this seems to be to use “zip” instead.
This is also the officially provided solution for this: WARNING: FILE NAME TOO LONG TO BE SAVED

OK, if you don’t care about any further details, this is the solution. Use “zip”.
I was interested as to the limitations of tar and zip, and if they could be improved upon, so I asked through Bard AI with an appropriate prompt shown below:

===

When creating a backup with tar.gz, I sometimes get a file name too long warning. It seems that only 100 character file names are supported. Is this 100-character limit something that applies to all available tar executables? Is there a way to allow longer file names? Does this limitation differ by Linux, Windows, or Linux distribution/version?

===
The 100-character limit on file names in tar archives is a limitation of the original tar format, which was defined in 1979. This format is still used by many tar implementations today, including the default format used by the GNU tar command.

However, there are also a number of tar implementations that support longer file names. One example is GNU tar with the --format=gnu option. This format allows for file names of up to 255 characters.

Another option is to use a different archive format altogether. For example, the zip format supports file names of up to 65535 characters.

Whether or not you can use longer file names in a tar archive will depend on the tar implementation that you are using and the format of the archive.

To answer your specific questions:

  • The 100-character limit on file names does not apply to all available tar executables. There are a number of tar implementations that support longer file names.
  • There are a few ways to allow longer file names in a tar archive. One option is to use the GNU tar command with the --format=gnu option. Another option is to use a different archive format altogether, such as zip.
  • The limitation on file name length in tar archives does not differ by Linux, Windows, or Linux distribution/version. It is a limitation of the original tar format, which is used by many tar implementations on all platforms.

If you are creating a tar archive, and you get a file name too long warning, you can try one of the following:

  • Use a tar implementation that supports longer file names, such as GNU tar with the --format=gnu option.
  • Use a different archive format altogether, such as zip.
  • Rename the files with longer names to shorter names.
  • Split the files with longer names into multiple files with shorter names.

===

The important parts from above are:
  • tar file name character limit is 100 by default
  • –format=gnu option makes the file name character limit 255
  • zip file name character limit is 65535
OK, so from this it can be concluded that zip file names can be long enough for all but extreme cases.
100 characters is definitely very small, so is an issue.
255 is still not very large, so zip definitely is safer.
I asked AI again if there was a way to increase the character limit further for tar, but it stated there was no way to do this. Maybe there is, but even if, it probably isn’t easy to do, so use zip seems like the way to go.