Plugin categories

Create a Website with AI
All pluginsIntegration and APIs

Disable REST API

Disable REST API

Disable REST API

Visit the website

Disable the use of the REST API on your website to site users. Now with User Role support!

4.8

Rating summary

38

Reviews

90K

Active installations

Download the Plugin
Disable REST API
Disable REST API
Disable REST API
Disable REST API

Overview

Compatibility

Installation instructions

Customer support & learning resources

Changelog

Main benefits

Control REST API access

Easy set-and-forget install

Whitelist specific endpoints

Per-user-role access rules

Legacy WordPress support

About this plugin

Author: Dave McHale
Version: 1.8
Last updated: 14-09-2023
WordPress version: 4.9
Tested up to: 6.3.5
PHP version required: 5.6
Languages: Deutsch (Sie), Deutsch [+11]

Overview

The WordPress REST API Access Control plugin is designed to provide robust control over access to the WordPress REST API. Functioning as a "set it and forget it" solution, it renders the REST API inaccessible to general site visitors upon activation. However, it offers flexibility through its settings page, allowing users to whitelist individual endpoints or branches of endpoints. Additionally, it supports per-user-role access control, letting administrators define specific rules for different user roles, including unauthenticated users, WooCommerce customers, Subscribers, Editors, and Admins. By default, all user roles retain full access to the REST API until otherwise configured by the admin. For legacy WordPress versions (4.4, 4.5, and 4.6), the plugin uses the rest_enabled filter to manage access, ensuring comprehensive compatibility and control.

Easy Installation and Setup

  • Works as a 'set it and forget it' install.
  • Just upload and activate to make the REST API inaccessible to general site visitors.

Granular Access Control

  • Quickly whitelist individual endpoints or entire branches of endpoints.
  • Control access on a per-user-role basis.

User Role Management

  • Unauthenticated users, WooCommerce customers, Subscribers, Editors, and Admins can have different access rules.
  • Out of the box, all defined user roles have full access until settings are managed.

Legacy Support

  • Returns an authentication error for unauthorized users on most WordPress versions.
  • Supports WordPress 4.4, 4.5, and 4.6 using the rest_enabled filter to disable the REST API.

Features list

Feature

Free version

Premium version

Subscribers, editors, and admins can be subject to different rules

Different user roles can have distinct access rules.

Whitelisting individual REST API endpoints is very simple

Easily allow access to specific REST API endpoints.

Manages access to the WordPress REST API

Controls who can access the WordPress REST API.

Makes the entire REST API inaccessible to general site visitors

Blocks general visitors from accessing the REST API.

Access can be granted to specific endpoints

Allows selective access to particular REST API endpoints.

JWT Authentication

It is possible to authenticate using JWT tokens

Time-based Access Token

Time-based Access token (JWT) is provided

Endpoint Exclusion

You may exclude specific REST API endpoints from the list

Basic Authentication

Provides basic authentication using a username and password

Postman Samples

Postman samples are available for each method of authentication

Pricing

Disable REST API Plugin

$0 / Free

Plan includes

Subscribers, editors, and admins can be subject to different rules
Whitelisting individual REST API endpoints is very simple
Manages access to the WordPress REST API
Makes the entire REST API inaccessible to general site visitors
Access can be granted to specific endpoints
Buy Now

WordPress REST API Authentication Plugin

$149 / One-time

Plan includes

JWT Authentication
Time-based Access Token
Endpoint Exclusion
Basic Authentication
Postman Samples
Buy Now

In some cases companies have different prices based on various components like a location. As a result the prices displayed here can differ from the ones you see on their websites.

See all pricing options
Find Your Price Plan

Rating and reviews

4.8

Rating summary

38

Reviews

90K

Active installations

5
4
3
2
1

User sentiment analysis

Users appreciate this WordPress plugin for its straightforward functionality and effective control over REST API endpoints. They highlight its simplicity, ease of use, and the ability to selectively allow or block API access based on user roles, which helps enhance site security by preventing unwanted access. Many users mention the plugin's effectiveness in reducing unauthorized login attempts and protecting against data scraping. However, there are some drawbacks noted. Some users report compatibility issues, such as the plugin breaking site functionality or not working with certain WordPress versions. There are also concerns about the lack of regular updates and need for clearer settings and documentation regarding access control for logged-in users.
graphicvision1

graphicvision1

19 Aug, 2024

What else can I say, this plugin does exactly what its supposed to do. It’s easy to understand and works perfectly. So well done!
Maarten

Maarten

29 Dec, 2023

The plugin does what it says on the tin, without being pretentious. Absolutely fantastic!
ucsendre

ucsendre

14 Sep, 2023

I always start my WordPress installations with this plugin (among a few other ones). A must have on all sites. Thank you.
mw815371

mw815371

03 Apr, 2023

The plugin still works for me on WordPress 6.2. It’s great to have the option to allow API access where I need it and block everything else.
Ronny Adsetts

Ronny Adsetts

26 Jan, 2023

Allows locking the WP API behind auth and selectively allowing it where needed. Despite the lack of plugin updates, the author does have an active github repo so don’t let that put you off.
See All Reviews

More plugins like this

See all

FAQ

How do I know if this plugin is working?

Does this plugin disable every REST API that is installed on my site?

Can I whitelist specific endpoints?

Can I control access on a per-user-role basis?

What happens if a user is not allowed to access an endpoint?

Do I need to configure anything after installing the plugin?

Will this plugin affect my site's performance?

Is this plugin compatible with all versions of WordPress?

TenWeb, Inc.

40 E Main St, Suite 721

Newark, DE 19711

United States

Company

About usContact usSecurity statementAffiliiatesAffiliate termsCareerPricing

Product

AI Website BuilderAI EcommerceHostingPageSpeed BoosterAI Business Name GeneratorIndustriesAI AssistantAI Marketing Strategy GeneratorPluginsWidgetsWebsite management

Customers

10Web for agencies & freelancersCase studies10Web for SMBsCustomer reviews

Resources

Help CenterBlogHosting glossarySite speed glossaryPress KitRoadmapSubmit your ideaFacebook communityAI technologySystem status

Copyright © 2024 TenWeb. All rights reserved.

Privacy
Terms of Service
SLA
Report Abuse