{"id":98920,"date":"2019-03-05T01:51:12","date_gmt":"2019-03-05T01:51:12","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/wp-rest-api-security\/"},"modified":"2019-08-12T13:44:22","modified_gmt":"2019-08-12T13:44:22","slug":"wp-rest-api-security","status":"publish","type":"plugin","link":"https:\/\/gu.wordpress.org\/plugins\/wp-rest-api-security\/","author":8584657,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.1.2","stable_tag":"trunk","tested":"5.1.22","requires":"4.9","requires_php":"7.0","requires_plugins":"","header_name":"WP REST API Security","header_author":"Charles Lecklider","header_description":"A UI to choose which REST API endpoints to enable.","assets_banners_color":"","last_updated":"2019-08-12 13:44:22","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/paypal.me\/invisnet\/","header_plugin_uri":"","header_author_uri":"https:\/\/charles.lecklider.org\/","rating":4,"author_block_rating":0,"active_installs":10,"downloads":1190,"num_ratings":1,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","changelog"],"tags":[],"upgrade_notice":[],"ratings":{"1":0,"2":0,"3":0,"4":"1","5":0},"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":[],"block_files":[],"assets_screenshots":[],"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[1556,2299,600],"plugin_category":[54],"plugin_contributors":[78764],"plugin_business_model":[],"class_list":["post-98920","plugin","type-plugin","status-publish","hentry","plugin_tags-api","plugin_tags-rest","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-invisnet","plugin_committers-invisnet"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/wp-rest-api-security.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"<!--section=description-->\n<p>The REST API is essential for any modern web framework, but with it comes a huge attack surface. <em>WP REST API Security<\/em> reduces the attack surface by disabling all the REST API endpoints by default, allowing you to enable only those actually needed. Those that are enabled require authentication by default, allowing you to choose which to make public.<\/p>\n\n<blockquote>\n  <p><strong>N.B.<\/strong> If you are using the new Block Editor you must keep nearly all the endpoints enabled for it to work, but none need be public.<\/p>\n<\/blockquote>\n\n<!--section=installation-->\n<ol>\n<li>Install via the Plugin Directory, or upload to your plugins directory.<\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress.<\/li>\n<li>Go to <em>Settings<\/em> -&gt; <em>WP REST API Security<\/em><\/li>\n<\/ol>\n\n<blockquote>\n  <p><strong>N.B.<\/strong> Activating <em>WP REST API Security<\/em> will disable all REST endpoints - you <strong>must<\/strong> enable the ones you need.<\/p>\n<\/blockquote>\n\n<!--section=changelog-->\n<h4>1.1.2<\/h4>\n\n<ul>\n<li>Fix array error.<\/li>\n<\/ul>\n\n<h4>1.1.1<\/h4>\n\n<ul>\n<li>Fix CSS leakage.<\/li>\n<li>Fix array warning.<\/li>\n<\/ul>\n\n<h4>1.1.0<\/h4>\n\n<ul>\n<li>Bugfix.<\/li>\n<li>Use actions.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<\/ul>","raw_excerpt":"Provides a UI to control which REST API endpoints are enabled and which require authentication.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/gu.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/98920","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gu.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/gu.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/gu.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=98920"}],"author":[{"embeddable":true,"href":"https:\/\/gu.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/invisnet"}],"wp:attachment":[{"href":"https:\/\/gu.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=98920"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/gu.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=98920"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/gu.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=98920"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/gu.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=98920"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/gu.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=98920"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/gu.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=98920"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}