PHPackages                             carawebs/wp-secure-rest-api - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication & Authorization](/categories/authentication)
4. /
5. carawebs/wp-secure-rest-api

ActiveWordpress-plugin[Authentication & Authorization](/categories/authentication)

carawebs/wp-secure-rest-api
===========================

A very simple mu plugin for WordPress that disallows access to REST endpoints for users that are not logged in.

1.0.1(9y ago)1331GPL2PHP

Since May 23Pushed 8y ago1 watchersCompare

[ Source](https://github.com/Carawebs/wp-secure-rest-api)[ Packagist](https://packagist.org/packages/carawebs/wp-secure-rest-api)[ RSS](/packages/carawebs-wp-secure-rest-api/feed)WikiDiscussions master Synced today

READMEChangelogDependenciesVersions (3)Used By (0)

Secure WordPress REST API
=========================

[](#secure-wordpress-rest-api)

A super-simple plugin that disallows access to REST endpoints for users that are not logged in.

Stops the REST API from being used to enumerate users.

Usage
-----

[](#usage)

- Clone this repo to `mu-plugins` - you may need to create this directory in the designated WordPress content directory (`wp-content` in a standard install)
- Make sure the file is loaded

If you're using [Bedrock](https://roots.io/bedrock/), the built in mu-plugins autoloader will take care of loading for you.

Check it's working: `https://example.com/wp-json/wp/v2/users` should return a 401 response if the user is not logged in.

Non Bedrock Loader
------------------

[](#non-bedrock-loader)

Add this line to a loader in the root `mu-plugins` directory:

```