MaxtDesign REST API Control is an open-source WordPress plugin designed to give site administrators detailed control over access to the WordPress REST API. It addresses the potential security and privacy issues that arise from WordPress exposing its REST API to the public by default, which can reveal sensitive information such as usernames, post data, and site structure. The plugin enables administrators to block, restrict, or whitelist REST API endpoints on a per-user-role basis, ensuring that only authorized users or roles can access specific endpoints.
Key features include a global toggle to disable REST API access for unauthenticated users with a single click, automatic discovery of all registered REST API endpoints, and a collapsible namespace tree interface for selecting endpoints. Administrators can create individual endpoint whitelists for each user role, such as subscriber, contributor, or author, while maintaining full access for roles like administrator. The plugin provides smart defaults by detecting and automatically whitelisting required endpoints for popular plugins like Contact Form 7 and WooCommerce. It also allows custom error messages for blocked requests and ensures zero frontend footprint, meaning it adds no CSS, JavaScript, or HTTP requests to public-facing pages. All admin assets are loaded only on the plugin’s settings page, and it uses a single autoloaded database option to avoid extra queries.
For deployment in multi-site environments, settings can be exported and imported as JSON, and the plugin supports a clean uninstall process that removes all its data, including multisite cleanup. It uses the rest_authentication_errors filter to intercept and block requests before any endpoint logic executes, minimizing performance impact. 2 or higher. pot file included for localization.
MaxtDesign REST API Control is distributed for free under the GPL license and its source code is available on GitHub. It is developed by MaxtDesign, a web development and AI studio based in Nampa, Idaho, specializing in WordPress and WooCommerce solutions.
MaxtDesign REST API Control sits in PulseGate's Infrastructure & Backend category. It focuses on securing and customizing access to the WordPress REST API for different user roles and endpoints. MaxtDesign REST API Control is a B2B product aimed at wordPress administrators and developers. MaxtDesign REST API Control costs nothing to use. MaxtDesign REST API Control is available on the web.
It is developed by MaxtDesign, and the product first shipped in 2026. Among its 5 catalogued features are REST API blocking, endpoint whitelisting, and role-based access. The interface is available in English and Maltese.
Latest indexed changes and source events
MaxtDesign REST API Control verified by the PulseGate indexer
Other apps tracked under the same category.