WP REST API Security


The REST API is essential for any modern web framework, but with it comes a huge attack surface. WP REST API Security reduces the attack surface by disabling all the REST API endpoints by default, allowing you to enable only those actually needed. Those that are enabled require authentication by default, allowing you to choose which to make public.

N.B. If you are using the new Block Editor you must keep nearly all the endpoints enabled for it to work, but none need be public.


  1. Install via the Plugin Directory, or upload to your plugins directory.
  2. Activate the plugin through the ‘Plugins’ menu in WordPress.
  3. Go to Settings -> WP REST API Security

N.B. Activating WP REST API Security will disable all REST endpoints – you must enable the ones you need.


24 juni 2019
This is a great plugin that gives you fine-grained control over your REST API, it absolutely deserves 5 stars... BUT there are functionality breaking bugs in the backend, with WP 5.2 + PHP 7.2 i was not able to safe the backend configuration because there were PHP exceptions when saving. That plus the fact that i posted fixes to those problems almost two weeks ago but nothing happened made me remove 2 stars. Hopefully a review gets the authors attention? Still can't go lower with the star rating though, as it is really otherwise exactly what we needed 😉 (even though it is NOT working in the shipped form, but still) If you are interested in using this, do so by all means, the fixes are described in the forum posts.
Lees 1 beoordeling

Bijdragers & ontwikkelaars

“WP REST API Security” is open source software. De volgende personen hebben bijgedragen aan deze plugin.


Vertaal “WP REST API Security” naar jouw taal.

Interesse in ontwikkeling?

Bekijk de code, haal de SVN repository op, of abonneer je op het ontwikkellog via RSS.



  • Fix array error.


  • Fix CSS leakage.
  • Fix array warning.


  • Bugfix.
  • Use actions.


  • Initial release.