
Only REST API Security & Risk Analysis
wordpress.org/plugins/only-rest-apiRedirects all front end, non-REST API requests to a single page.
Is Only REST API Safe to Use in 2026?
Generally Safe
Score 85/100Only REST API has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "only-rest-api" plugin version 1.0.0 exhibits a generally strong security posture based on the provided static analysis. The complete absence of any recorded vulnerabilities in its history, coupled with the lack of critical code signals like dangerous functions, raw SQL queries, or unsanitized taint flows, is a very positive indicator. The code also shows a good approach by not utilizing file operations or making external HTTP requests, which are common vectors for security issues. However, there are a few areas that, while not currently exploited, represent potential weaknesses. The lack of nonce and capability checks across all identified entry points means that any future addition of AJAX handlers or REST API routes without proper authorization could be immediately exploitable. Furthermore, the significant percentage of improperly escaped output (60%) indicates a risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is handled without proper sanitization before being displayed.
Key Concerns
- Missing nonce checks on entry points
- Missing capability checks on entry points
- Significant unescaped output detected
Only REST API Security Vulnerabilities
Only REST API Release Timeline
Only REST API Code Analysis
Output Escaping
Only REST API Attack Surface
WordPress Hooks 3
Maintenance & Trust
Only REST API Maintenance & Trust
Maintenance Signals
Community Trust
Only REST API Alternatives
Disable REST API
disable-json-api
Disable the use of the REST API on your website to site users. Now with User Role support!
JWT Authentication for WP REST API
jwt-authentication-for-wp-rest-api
Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.
Disable WP REST API
disable-wp-rest-api
Disables the WP REST API for visitors not logged into WordPress.
WordPress REST API (Version 2)
rest-api
Access your site's data through an easy-to-use HTTP REST API. (Version 2)
WPGet API – Connect to any external REST API
wpgetapi
Connect any REST API to WordPress. WPGet API enables easy API integration, allowing you to display API data without any code.
Only REST API Developer Profile
6 plugins · 2K total installs
How We Detect Only REST API
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
only-rest-api-settings-pagepage-content