[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRrqri6n3a_NfSXrIj-Ler0VJC7MqS_w__BTqUxyWkC0":3},{"slug":4,"display_name":5,"profile_url":6,"plugin_count":7,"total_installs":8,"avg_security_score":9,"avg_patch_time_days":10,"trust_score":11,"computed_at":12,"plugins":13},"rakib417","Md. Rakib Ullah","https:\u002F\u002Fprofiles.wordpress.org\u002Frakib417\u002F",2,20,100,30,94,"2026-04-04T08:30:34.585Z",[14,36],{"slug":15,"name":16,"version":17,"author":5,"author_profile":6,"description":18,"short_description":19,"active_installs":8,"downloaded":20,"rating":9,"num_ratings":7,"last_updated":21,"tested_up_to":22,"requires_at_least":23,"requires_php":24,"tags":25,"homepage":31,"download_link":32,"security_score":9,"vuln_count":33,"unpatched_count":33,"last_vuln_date":34,"fetched_at":35},"headless-rest-api-security","Headless REST API Security","2.2","\u003Cp>Running a Headless WordPress site often involves exposing the REST API. Headless REST API Security provides tools for administrators to control which endpoints are accessible to the public or external applications.\u003C\u002Fp>\n\u003Cp>This plugin restricts public access to REST API endpoints by default and offers a settings interface to allow-list only the specific routes required by a frontend application (such as Next.js, Gatsby, or mobile apps).\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Access Control:\u003C\u002Fstrong> Restrict default public access to REST API endpoints.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Route Allow-Listing:\u003C\u002Fstrong> Specific API routes (e.g., \u003Ccode>\u002Fwp\u002Fv2\u002Fposts\u003C\u002Fcode>) can be enabled while others remain restricted.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>API Key Authentication:\u003C\u002Fstrong> Supports an \u003Ccode>X-API-KEY\u003C\u002Fcode> header for server-to-server or frontend requests.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Headless Redirect:\u003C\u002Fstrong> Option to redirect users accessing the backend API URL to a specified frontend domain.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Access:\u003C\u002Fstrong> Logged-in Administrators and Editors retain access to the API to support the Block Editor (Gutenberg) functionality.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Plugin Support:\u003C\u002Fstrong> Detects routes registered by third-party plugins for configuration.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Navigate to \u003Cstrong>Settings > Headless Security\u003C\u002Fstrong> in the WordPress dashboard.\u003C\u002Fli>\n\u003Cli>Enable the \u003Cstrong>Master Switch\u003C\u002Fstrong> to activate the access restrictions.\u003C\u002Fli>\n\u003Cli>Review the list of REST API routes and check the \u003Cstrong>Allow\u003C\u002Fstrong> box for endpoints the application requires.\u003C\u002Fli>\n\u003Cli>Copy the generated \u003Cstrong>API Key\u003C\u002Fstrong> for use in application headers.\u003C\u002Fli>\n\u003Cli>(Optional) Enter a \u003Cstrong>Headless Frontend URL\u003C\u002Fstrong> to configure redirects for visitors.\u003C\u002Fli>\n\u003C\u002Fol>\n","Manage access to the WordPress REST API by restricting public endpoints, enabling specific route allow-listing, and handling API key authentication.",243,"2026-02-22T18:49:00.000Z","6.9.4","5.8","7.4",[26,27,28,29,30],"access-control","authentication","headless","permissions","rest-api","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fheadless-rest-api-security\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheadless-rest-api-security.2.3.zip",0,null,"2026-03-15T15:16:48.613Z",{"slug":37,"name":38,"version":39,"author":5,"author_profile":6,"description":40,"short_description":41,"active_installs":33,"downloaded":42,"rating":33,"num_ratings":33,"last_updated":43,"tested_up_to":22,"requires_at_least":23,"requires_php":24,"tags":44,"homepage":49,"download_link":50,"security_score":9,"vuln_count":33,"unpatched_count":33,"last_vuln_date":34,"fetched_at":35},"rest-armor-security","RestArmor Security","2.3","\u003Cp>RestArmor Security is a “Plug & Play” security suite that hardens your WordPress site instantly upon activation. No complex setup required.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Disable XML-RPC:\u003C\u002Fstrong> Blocks XML-RPC attacks and Pingbacks.\u003Cbr \u002F>\n* \u003Cstrong>Block REST API:\u003C\u002Fstrong> Restricts API access to logged-in users only.\u003Cbr \u002F>\n* \u003Cstrong>Stop User Enumeration:\u003C\u002Fstrong> Blocks bot scans for \u002F?author=1.\u003Cbr \u002F>\n* \u003Cstrong>Hide WP Version:\u003C\u002Fstrong> Removes version number from source code.\u003Cbr \u002F>\n* \u003Cstrong>Admin Indicator:\u003C\u002Fstrong> Shows security status in the admin bar.\u003C\u002Fp>\n","Advanced security suite. Blocks REST API, disables XML-RPC, prevents user enumeration, and secures endpoints.",116,"2026-02-11T12:35:00.000Z",[45,46,30,47,48],"disable-rest-api","protection","security","xml-rpc","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frest-armor-security.2.3.zip"]