MaxtDesign REST API Control

MaxtDesign REST API Control gives you complete control over who can access your WordPress REST API and which endpoints are available.

By default, WordPress exposes a REST API to the public, which can reveal usernames, post data, and site structure to anyone. This plugin lets you lock down the REST API for unauthenticated visitors while keeping it fully functional for logged-in users and the plugins that need it.

Key Features

  • One-click disable — Block all REST API access for unauthenticated users with a single toggle.
  • Endpoint whitelisting — Auto-discovers all registered REST API endpoints and lets you whitelist specific ones, even when the API is disabled.
  • Per-role access control — Restrict REST API access for specific user roles with individual endpoint whitelists.
  • Smart defaults — Automatically detects Contact Form 7 and WooCommerce and whitelists their required endpoints on activation.
  • Zero frontend footprint — No CSS, JavaScript, or HTTP requests are added to your frontend. Ever.
  • Lightweight — No database queries on frontend requests. Uses a single autoloaded option.
  • Import/Export — Transfer settings between sites with JSON export and import.
  • Clean uninstall — Removes all plugin data when deleted. Leaves no trace.

How It Works

The plugin uses the rest_authentication_errors filter — the correct, modern WordPress approach — to intercept REST API requests early in the lifecycle, before any endpoint logic executes. This means blocked requests have virtually zero performance impact.
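A minimal sketch of this filter-based approach, added here as an illustration and not taken from the plugin's code. The example_ function names, the error code, and the allowlist contents are hypothetical. It registers at priority 110 so that it runs after WordPress core's own cookie nonce check on the same filter (priority 100), which can reset a cookie-authenticated request without a nonce to an anonymous one.

```php
<?php
// Added illustration, not the plugin's code. All example_ names are hypothetical.

// Constructed allowlist: route prefixes that stay reachable without a login.
const EXAMPLE_PUBLIC_ROUTE_PREFIXES = array(
    '/contact-form-7/v1',
);

// True when $route equals an allowlisted prefix or sits below it.
function example_route_is_public( string $route, array $prefixes ): bool {
    $route = '/' . trim( $route, '/' );
    foreach ( $prefixes as $prefix ) {
        $prefix = '/' . trim( $prefix, '/' );
        // Compare on a path boundary so "/foo/v1" does not also admit "/foo/v1-admin".
        if ( $route === $prefix || str_starts_with( $route, $prefix . '/' ) ) {
            return true;
        }
    }
    return false;
}

function example_restrict_rest_api( $result ) {
    // An earlier authentication check already rejected the request: keep its error.
    if ( is_wp_error( $result ) ) {
        return $result;
    }
    // Decide on the current user, not on $result: core may have returned true
    // after downgrading the request to an anonymous one.
    if ( is_user_logged_in() ) {
        return $result;
    }
    // The requested route is available before any endpoint callback runs.
    $route = (string) ( $GLOBALS['wp']->query_vars['rest_route'] ?? '' );
    if ( example_route_is_public( $route, EXAMPLE_PUBLIC_ROUTE_PREFIXES ) ) {
        return $result;
    }
    // Returning a WP_Error here stops the request before endpoint logic executes.
    return new WP_Error(
        'example_rest_login_required',
        'Authentication is required to use the REST API.',
        array( 'status' => 401 )
    );
}
add_filter( 'rest_authentication_errors', 'example_restrict_rest_api', 110 );
```

To check the result, request /wp-json/wp/v2/users without credentials and confirm a 401 response, then confirm that the allowlisted route still answers.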

Built for Performance

This plugin follows the MaxtDesign performance-first philosophy:

  • Zero frontend asset loading (no CSS, no JS, no HTTP requests)
  • Admin assets load only on the plugin’s own settings page
  • Single autoloaded database option — no extra queries
  • Filter fires before endpoint logic — blocked requests are fast

Privacy

This plugin makes no external HTTP requests, sets no cookies, loads no third-party scripts, and collects no analytics. It does not track usage and never “calls home.” It stores a single settings option (mdra_settings) in your database and nothing else; that option is removed when you delete the plugin. No personal or visitor data is processed or transmitted.

Details

Plugin code: maxtdesign-rest-api-control
Plugin version: 1.0.5
Author:
Outdated: No
WP version: 6.4 or higher
PHP version: 8.2 or higher
Test up to WP version: 7.0
Total installations: 0
Last updated: 2026-06-18
Rating:
Times rated: 0
Tags: api-control, disable-rest-api, json-api, rest-api, security