
MaxtDesign REST API Control

By: MaxtDesign
Full control over your WordPress REST API. Block, restrict, or whitelist endpoints per user role. Lightweight, fast, zero frontend footprint.
Version: 1.0.5
Last updated: Jun 18, 2026

MaxtDesign REST API Control gives you complete control over who can access your WordPress REST API and which endpoints are available.

By default, WordPress exposes a REST API to the public, which can reveal usernames, post data, and site structure to anyone. This plugin lets you lock down the REST API for unauthenticated visitors while keeping it fully functional for logged-in users and the plugins that need it.

Key Features

  • One-click disable — Block all REST API access for unauthenticated users with a single toggle.
  • Endpoint whitelisting — Auto-discovers all registered REST API endpoints and lets you whitelist specific ones, even when the API is disabled.
  • Per-role access control — Restrict REST API access for specific user roles with individual endpoint whitelists.
  • Smart defaults — Automatically detects Contact Form 7 and WooCommerce and whitelists their required endpoints on activation.
  • Zero frontend footprint — No CSS, JavaScript, or HTTP requests are added to your frontend. Ever.
  • Lightweight — No database queries on frontend requests. Uses a single autoloaded option.
  • Import/Export — Transfer settings between sites with JSON export and import.
  • Clean uninstall — Removes all plugin data when deleted. Leaves no trace.

How It Works

The plugin uses the rest_authentication_errors filter — the correct, modern WordPress approach — to intercept REST API requests early in the lifecycle, before any endpoint logic executes. This means blocked requests have virtually zero performance impact.
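
A minimal sketch of this approach, added here as an illustration and not the plugin's own code: a rest_authentication_errors callback that rejects unauthenticated requests unless the route falls under an allowlisted prefix. The function name, constant name, and allowlist entries are hypothetical; the plugin's real settings live in its mdra_settings option, whose format this page does not describe.

```php
<?php
// Added example, not code from MaxtDesign REST API Control.
// Hypothetical allowlist of route prefixes (constructed sample values).
const EXAMPLE_PUBLIC_ROUTE_PREFIXES = array(
    '/contact-form-7/v1',
    '/wc/store',
);

// Returns true when $route equals an allowed prefix or sits below it.
function example_route_is_allowed( string $route, array $prefixes ): bool {
    $route = '/' . trim( $route, '/' );
    foreach ( $prefixes as $prefix ) {
        $prefix = '/' . trim( $prefix, '/' );
        // Match only on a path-segment boundary, so "/wc/store"
        // does not also allow "/wc/storefront-private".
        if ( $route === $prefix || 0 === strpos( $route, $prefix . '/' ) ) {
            return true;
        }
    }
    return false;
}

add_filter( 'rest_authentication_errors', function ( $result ) {
    // An earlier handler already decided: true = authenticated,
    // WP_Error = rejected. Do not override either outcome.
    if ( true === $result || is_wp_error( $result ) ) {
        return $result;
    }
    // Logged-in users keep full access in this sketch (no per-role rules).
    if ( is_user_logged_in() ) {
        return $result;
    }
    // Route of the current REST request as parsed by WordPress.
    $route = isset( $GLOBALS['wp']->query_vars['rest_route'] )
        ? (string) $GLOBALS['wp']->query_vars['rest_route']
        : '';
    if ( example_route_is_allowed( $route, EXAMPLE_PUBLIC_ROUTE_PREFIXES ) ) {
        return $result;
    }
    // Returning WP_Error here stops the request before any endpoint
    // callback runs.
    return new WP_Error(
        'rest_not_logged_in',
        'REST API access is restricted to authenticated users.',
        array( 'status' => rest_authorization_required_code() )
    );
} );
```

The segment-boundary check is the part worth testing on a real site: a plain string-prefix match would expose any route whose name merely starts with an allowlisted entry.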

Built for Performance

This plugin follows the MaxtDesign performance-first philosophy:

  • Zero frontend asset loading (no CSS, no JS, no HTTP requests)
  • Admin assets load only on the plugin’s own settings page
  • Single autoloaded database option — no extra queries
  • Filter fires before endpoint logic — blocked requests are fast

Privacy

This plugin makes no external HTTP requests, sets no cookies, loads no third-party scripts, and collects no analytics. It does not track usage and never “calls home.” It stores a single settings option (mdra_settings) in your database and nothing else; that option is removed when you delete the plugin. No personal or visitor data is processed or transmitted.

Tested up to: WordPress 7.0