Invizo Headless Mode helps teams run WordPress as a headless CMS and API backend for a decoupled frontend built with frameworks such as Next.js, Gatsby, Nuxt, SvelteKit, Remix, Astro, or a custom application.
The plugin can disable the WordPress frontend for public visitors by redirecting frontend routes to your configured site URL. WordPress admin, REST API, AJAX, cron, static assets, and supported API routes remain available.
What this plugin offers
- Disable WP frontend access by redirecting public WordPress routes to your frontend.
- Keep REST API, AJAX, cron, static assets, and WPGraphQL requests available.
- Add strict CORS headers for your frontend origin or origin allowlist.
- Generate signed draft preview links for headless WordPress preview workflows.
- Optional custom admin/login slug for hiding default login URLs.
- Return generic JSON errors for blocked
/wp-admin/and/wp-login.phprequests. - Customize the WordPress login page logo, colors, background image, and back-to-site link visibility.
- Disable XML-RPC, hide the WordPress version, and block common user enumeration routes.
- Disable RSS/Atom feeds, RSD, WLW manifest, oEmbed discovery, shortlinks, and related frontend discovery links.
- Rewrite generated post, page, custom post type, and term permalinks to the headless frontend URL.
- Redirect logout to the frontend and login to WordPress admin.
Privacy and external requests
This plugin does not send tracking data to the plugin author.
When you configure a Front-End URL, the plugin may redirect visitors or logged-out users to that URL according to your settings. CORS headers, logout redirects, permalink rewriting, and preview URLs are also based on URLs that you configure in the plugin settings.