MaxtDesign REST API Control WordPress Plugin - Rating, Reviews, Demo & Download

No ratings yet
Free

Plugin Description

MaxtDesign REST API Control gives you complete control over who can access your WordPress REST API and which endpoints are available.

By default, WordPress exposes a REST API to the public, which can reveal usernames, post data, and site structure to anyone. This plugin lets you lock down the REST API for unauthenticated visitors while keeping it fully functional for logged-in users and the plugins that need it.

Key Features

  • One-click disable — Block all REST API access for unauthenticated users with a single toggle.
  • Endpoint whitelisting — Auto-discovers all registered REST API endpoints and lets you whitelist specific ones, even when the API is disabled.
  • Per-role access control — Restrict REST API access for specific user roles with individual endpoint whitelists.
  • Smart defaults — Automatically detects Contact Form 7 and WooCommerce and whitelists their required endpoints on activation.
  • Zero frontend footprint — No CSS, JavaScript, or HTTP requests are added to your frontend. Ever.
  • Lightweight — No database queries on frontend requests. Uses a single autoloaded option.
  • Import/Export — Transfer settings between sites with JSON export and import.
  • Clean uninstall — Removes all plugin data when deleted. Leaves no trace.

How It Works

The plugin uses the rest_authentication_errors filter — the correct, modern WordPress approach — to intercept REST API requests early in the lifecycle, before any endpoint logic executes. This means blocked requests have virtually zero performance impact.
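
The filter-based gate described above, as an added PHP example that is not the plugin's own code: it denies unauthenticated REST requests unless the route falls under an allowlisted prefix. The function name, constant name and allowlist entries are assumptions made for illustration, and the sample prefixes are constructed values.

```php
<?php
// Added illustration, not the plugin's code. The allowlist values are
// constructed samples; a real deployment would load them from settings.
const EXAMPLE_REST_ALLOWLIST = array(
    '/contact-form-7/v1', // assumed namespace for a public form endpoint
    '/wc/store',          // assumed namespace for a public storefront API
);

/**
 * True when $route equals an allowed prefix or sits beneath it.
 * The trailing-slash check stops '/wc/store' from matching '/wc/storefoo'.
 */
function example_route_is_allowed( $route, array $allowlist ) {
    $route = '/' . trim( (string) $route, '/' );
    foreach ( $allowlist as $prefix ) {
        $prefix = '/' . trim( $prefix, '/' );
        if ( $route === $prefix || 0 === strpos( $route, $prefix . '/' ) ) {
            return true;
        }
    }
    return false;
}

add_filter( 'rest_authentication_errors', function ( $result ) {
    // Respect a decision already made by an earlier authentication handler.
    if ( true === $result || is_wp_error( $result ) ) {
        return $result;
    }
    // Logged-in users keep full access.
    if ( is_user_logged_in() ) {
        return $result;
    }
    // WordPress stores the requested route in this query var before dispatch.
    $route = isset( $GLOBALS['wp']->query_vars['rest_route'] )
        ? $GLOBALS['wp']->query_vars['rest_route']
        : '/';
    if ( example_route_is_allowed( $route, EXAMPLE_REST_ALLOWLIST ) ) {
        return $result;
    }
    // Returning WP_Error here stops the request before any endpoint callback runs.
    return new WP_Error(
        'rest_forbidden',
        'REST API access is restricted to authenticated users.',
        array( 'status' => rest_authorization_required_code() )
    );
} );
```

The comparison is case-sensitive while WordPress matches routes case-insensitively, so a differently cased request for an allowlisted route is denied rather than allowed: the gate fails closed.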

Built for Performance

This plugin follows the MaxtDesign performance-first philosophy:

  • Zero frontend asset loading (no CSS, no JS, no HTTP requests)
  • Admin assets load only on the plugin’s own settings page
  • Single autoloaded database option — no extra queries
  • Filter fires before endpoint logic — blocked requests are fast

Privacy

This plugin makes no external HTTP requests, sets no cookies, loads no third-party scripts, and collects no analytics. It does not track usage and never “calls home.” It stores a single settings option (mdra_settings) in your database and nothing else; that option is removed when you delete the plugin. No personal or visitor data is processed or transmitted.

Screenshots

  1. Global settings — one-click toggle to disable REST API for unauthenticated users.
  2. Endpoint whitelist — auto-discovered endpoints with collapsible namespace tree.
  3. Per-role controls — restrict REST API access for individual user roles.
  4. Import/Export — easily transfer settings between sites.

