Rating: 5 stars

just activate the plugin and it works.

Rating: 5 stars

I’ve tried many different solutions using functions.php because I did not want to install yet another plugin.

I’m glad I found this one though. It’s simple, lightweight, maintains privacy, and functions with the latest version of WordPress.

Thanks Jeff!

Rating: 3 stars

In generel a Good security concept .

But at the other end many plugin developer use the Rest API

Could be done much easier with a 5 3 line htaccess rule to block only ^.*wp-json/wp/v2/(users

But anyway a good solution if you have a simpel installation.

Rating: 1 star

As the title says: Blocks Contact Form 7 forms sending after install and activate.

• This topic was modified 1 year, 9 months ago by Hendrik57.

Rating: 5 stars

Easy and protects my blog, without taking power of my blog:)

• This topic was modified 2 years ago by tinaponting. Reason: rest api

Rating: 5 stars

Really simplified

Rating: 5 stars

while the plugin si deadsimple and very low resource impact, keep in mind that there are plugins that need the rest to work with no auth (ex. contact form 7).

Rating: 5 stars

Good work!

Rating: 5 stars

Really useful, no configuration needed and super fast ..

• This topic was modified 2 years, 9 months ago by mahfoof.

Rating: 5 stars

Excellent! I think it is very useful!

Rating: 5 stars

Beautiful plugin. Before accessing /wp-json on my site leaked tonnes of information. After activation there was just a “REST API restricted to authenticated users” message, wonderful!

As yet, I don’t know if API authentication requests are permitted. At the present time I don’t need such, but for potential APP access in future I would. I’ll cross that bridge when I come to it. Great Plugin, thanks!

Rating: 5 stars

Thanks for making this plugin Jeff! I always appreciate your work and have literally been Googling “wordpess problem Jeff Starr” as of late to find what I need. You always come through!

P.S. to anyone else who doesn’t have these yet, check out Jeff’s 7G Firewall, BBQ, and Blackhole for bots. He also has an amazing htaccess tricks book which is over 9000x worth it. Happy blogging!

Rating: 5 stars

Just install and activate, this plugin will do the rest for you.

Rating: 5 stars

Blocking potential entry points and attack vectors is key to maintaining a healthy website. This small but efficient tool does what it says without fuss or impacting your sites’ functions.

Nothing to lose by installing it and a potential attack point blocked ??

Rating: 5 stars

I’m not using the rest API, neither do those nasty crackers out there.

Rating: 5 stars

I just recently learnt about REST API in WP. I already used “My Private Site”-Plugin which restricts access to content to logged in users. But this works only for the web frontend. Via default enabled REST API still everyone is capable to read all posts! This I unfortunately did not know until I heard about in a tech podcast.

What I also like about this plugin at least in the current version it does not simply turn off REST API it just restricts access to logged in Users. So, if your logged in (e.g., via application password) you can still access the API. This is excellent!

I just wished “My Private Site”-Plugin would also have thought about WP’s REST API. Everyone using this plugin in my opinion will also be interested in not still granting access to content for everyone via REST.

• This topic was modified 3 years, 6 months ago by cuthbert1337.

Rating: 5 stars

It is beyond me why WordPress would allow REST requests for unauthenticated users. But this plugin fixes this security/privacy issue easily and reliably.

Rating: 5 stars

Read about it in CT! Magazine. Makes a difference and I thank you for that.

Rating: 5 stars

thanks for this usefull plugin, installed and work whitout any problem

Rating: 5 stars

Simple and efficient, offers everything you need to secure the REST interface.

Rating: 5 stars

?

Rating: 5 stars

Quick installation and Easy usage. Works great

Rating: 5 stars

Works as described

Rating: 5 stars

Works great!

Rating: 5 stars

It’s easy, you plug in and you do not worry about anything. Remember to log out of the site to see if it works well. Thank you Jeff!

Rating: 5 stars

It works as expected!, Great Plugin

Rating: 5 stars

And again, Jeff supplies us with another great plugin. This time helping us to disable the WP REST API.

Just install, activate, check the output of your site, and see that it works. Easy, simple and very effective. What else do you/I need?

Jeff, good job, as always… Thx!

Rating: 5 stars

I loaded this plugin because it was indicated that all we needed to do is install, activate, and forget about it.

I cannot say that I am entirely happy with it. I do not want to give any message to anyone who is trying to access anything on my website by using rest API….mostly because this seems to be only done by hackers in my case.

But evidently, the only way I can do that is with this small instruction in the plugin information:
This message may customized via the filter hook, disable_wp_rest_api_error.

*** UPDATED ***
This update is made within a half hour of my original post. I was quite pleased that the developer responded extremely quickly, and provided information that I was needing. That was great customer service. My thanks to Jeff, for the product and the information.

• This topic was modified 5 years, 1 month ago by ralphkudzit.

Rating: 5 stars

Simple and great, worked well

Rating: 5 stars

I just found out about this vulnerability and a quick google led me to the author’s article, installed, boom. Fixed. Sweet!

Note, if you are logged in as an admin and test the vulnerability, you’ll still see the JSON payload, so don’t panic.