Pinny's Rest Lock - Complete Description
Category: WordPress Plugins • Platform: PHP
Pinny’s REST User Guard prevents public access to WordPress REST API user endpoints while preserving normal site functionality for authorized users.
By default, WordPress exposes /wp-json/wp/v2/users and related endpoints, which can be used for user enumeration on public sites. This plugin restricts those endpoints so they are only accessible to users with appropriate permissions, returning a proper 403 Forbidden response to unauthorized requests.
The plugin is lightweight, does not modify core files, and relies on WordPress’s native REST authentication flow to ensure compatibility with the block editor, admin tools, and third-party plugins.