Provides a UI to control which REST API endpoints are enabled and which require authentication.
| Author: | Charles Lecklider (profile at wordpress.org) |
| WordPress version required: | 4.9 |
| WordPress version tested: | 5.1.18 |
| Plugin version: | 1.1.2 |
| Added to WordPress repository: | 05-03-2019 |
| Last updated: | 12-08-2019
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
|
| Rating, %: | 80 |
| Rated by: | 1 |
| Plugin URI: | |
| Total downloads: | 471 |
| Active installs: | 10+ |
 Click to start download |
|
The REST API is essential for any modern web framework, but with it comes a huge attack surface. WP REST API Security reduces the attack surface by disabling all the REST API endpoints by default, allowing you to enable only those actually needed. Those that are enabled require authentication by default, allowing you to choose which to make public.
N.B. If you are using the new Block Editor you must keep nearly all the endpoints enabled for it to work, but none need be public.
ChangeLog