SMNTCS Disable REST API User Endpoints

Description

With WordPress 4.7 the REST API is part of the core. At the moment everyone has read access to the REST API. As a result of that a potential intruder can retrieve a list of all user slugs via /wp-json/wp/v2/users. This plugin disables the REST API user endpoints to obscure the user slugs.

Contribute

Contributions are more than welcome. Simply head over to Github and open an issue or a pull request.

Installation

  1. Upload smntcs-disable-rest-api-user-endpoints to the /wp-content/plugins/ directory.
  2. Activate the plugin through the Plugins menu in WordPress.

Reviews

May 10, 2021 1 reply
Great plugin, works as it should, a must for any Wordpress site.
April 6, 2017
Does what is says, and you really shoud use this on all your sites. I just can’t imagine your woocommerce customers login names being exposed via the REST API. Though the REST API is an amazing feature Kudos on this !!!
Read all 2 reviews

Contributors & Developers

“SMNTCS Disable REST API User Endpoints” is open source software. The following people have contributed to this plugin.

Contributors

“SMNTCS Disable REST API User Endpoints” has been translated into 5 locales. Thank you to the translators for their contributions.

Translate “SMNTCS Disable REST API User Endpoints” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

2.3 (2024.10.19)

  • Test up to WordPress 6.6

2.2 (2023.10.15)

  • Test up to WordPress 6.4
  • Convert code to OOP

2.1 (2023.03.11)

  • Test up to WordPress 6.2

2.0 (2022.12.03)

  • Test up to WordPress 6.1

1.9 (2022.06.09)

  • Test up to WordPress 6.0

1.8 (2021.12.31)

  • Test up to WordPress 5.8

1.7 (2021.05.01)

1.6 (2021.01.08)

  • Test up to WordPress 5.6

1.5 (2020.05.10)

1.4 (2020.05.10)

1.3 (2019.12.26)

1.2 (2019.04.05)

  • Refactor based on PHPCS and WPCS

1.1 (2019.02.20)

  • Test up to WordPress 5.1

1.0 (2018.03.27)

  • Initial release