
REST API Shield & XML-RPC Blocker

By teamredfox
A security plugin that controls XML-RPC access and specific WordPress REST API endpoints from anonymous users.
Version
1.0
Last updated
Nov 5, 2025

This plugin is designed to fundamentally strengthen the security of your WordPress site.

By default, WordPress exposes REST API endpoints such as the user list (/wp/v2/users) even to unauthenticated (anonymous) users. This poses a risk of information leakage and, by enabling username enumeration, can serve as a stepping stone for brute-force attacks.

With this plugin, you can fine-tune the following security settings from the “Settings” -> “General” page in the administration area.

Key Security Features

REST API Anonymous Access Restriction:

  • Core endpoints (such as users, comments, media) and broad routes added by plugins can be specified as a blacklist.

  • Routes necessary for blog display (such as wp/v2/posts) can be specified as a whitelist to exempt them from restrictions.

  • Configure the HTTP status code (e.g., 403 Forbidden) and a custom error message to return upon access denial, preventing attackers from gaining insight into your site structure.

Complete XML-RPC Blocking:

  • Completely disable the XML-RPC functionality (xmlrpc.php) at the core WordPress level.

  • When an attacker attempts access, the plugin responds with a specified HTTP status code and a custom error message, deceptively denying access.
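
How a restriction like the one described above can be wired into WordPress core hooks, as an added example that is not the plugin's own code. It uses the core rest_pre_dispatch and xmlrpc_enabled filters; the demo_* names, route lists, status code and message are assumptions.

```php
<?php
// Added illustration, not the plugin's code. All DEMO_* values are constructed samples.
const DEMO_DENY_PREFIXES  = array( '/wp/v2/users', '/wp/v2/comments', '/wp/v2/media' );
const DEMO_ALLOW_PREFIXES = array( '/wp/v2/posts' );
const DEMO_DENY_STATUS    = 403;
const DEMO_DENY_MESSAGE   = 'Access denied.';

// True when $route equals $prefix or lies below it on a path-segment boundary,
// so '/wp/v2/users/1' matches '/wp/v2/users' but '/wp/v2/users-extra' does not.
function demo_route_has_prefix( $route, $prefix ) {
	$prefix = rtrim( $prefix, '/' );
	return $route === $prefix || 0 === strpos( $route, $prefix . '/' );
}

// Decide whether an anonymous request to $route is refused. The allow list wins.
function demo_route_is_denied( $route ) {
	foreach ( DEMO_ALLOW_PREFIXES as $prefix ) {
		if ( demo_route_has_prefix( $route, $prefix ) ) {
			return false;
		}
	}
	foreach ( DEMO_DENY_PREFIXES as $prefix ) {
		if ( demo_route_has_prefix( $route, $prefix ) ) {
			return true;
		}
	}
	return false;
}

// Short-circuit REST dispatch for logged-out visitors on denied routes.
function demo_restrict_anonymous_rest( $result, $server, $request ) {
	if ( null !== $result || is_user_logged_in() ) {
		return $result; // Another filter already answered, or the user is authenticated.
	}
	if ( demo_route_is_denied( $request->get_route() ) ) {
		return new WP_Error( 'demo_rest_denied', DEMO_DENY_MESSAGE, array( 'status' => DEMO_DENY_STATUS ) );
	}
	return $result;
}
add_filter( 'rest_pre_dispatch', 'demo_restrict_anonymous_rest', 10, 3 );

// Disables only the XML-RPC methods that require authentication; xmlrpc.php still
// answers other calls, so refusing every request needs an additional block,
// for example a web-server rule.
add_filter( 'xmlrpc_enabled', '__return_false' );
```

Matching on a path-segment boundary keeps a deny entry from catching unrelated routes that merely share a string prefix.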

This plugin is highly recommended for all WordPress sites that require enhanced security.

Free on the Business plan
By installing, you agree to the WordPress.com Terms of Service and the terms for third-party plugins.
Tested up to
WordPress 6.8.3