Title: WPBuoy Endpoint Manager Author: martincipriano Published: مې 17, 2026 Last modified: مې 25, 2026 --- Search plugins ![](https://ps.w.org/wpbuoy-endpoint-manager/assets/banner-772x250.png?rev=3534495) ![](https://ps.w.org/wpbuoy-endpoint-manager/assets/icon-256x256.png?rev=3534898) # WPBuoy Endpoint Manager By [martincipriano](https://profiles.wordpress.org/martincipriano/) [Download](https://downloads.wordpress.org/plugin/wpbuoy-endpoint-manager.2.0.0.zip) * [Details](https://ps.wordpress.org/plugins/wpbuoy-endpoint-manager/#description) * [Reviews](https://ps.wordpress.org/plugins/wpbuoy-endpoint-manager/#reviews) * [Installation](https://ps.wordpress.org/plugins/wpbuoy-endpoint-manager/#installation) * [Development](https://ps.wordpress.org/plugins/wpbuoy-endpoint-manager/#developers) [Support](https://wordpress.org/support/plugin/wpbuoy-endpoint-manager/) ## Description Every plugin and theme you install registers REST API endpoints. Most are public by default — including the ones your site never uses. Unused endpoints are unnecessary exposure. They reveal information about your stack, invite probing, and become liabilities when a vulnerability is discovered in a plugin you forgot to audit. WPBuoy Endpoint Manager gives you a clear view of every endpoint on your site and a one-click toggle to disable the ones you don’t need. **See your full API surface** Every REST API endpoint from WordPress core, plugins, and themes in one organized view — grouped by namespace, with a count of how many are currently disabled. **Block endpoints instantly** Toggle any endpoint off and it returns a 403. No code, no rules, no guesswork. One click. Requires an active Pro license. **Preview before you block** Click the preview icon on any static endpoint to fetch its live REST API response in an inline modal — without leaving the admin. Know exactly what you’re disabling before you disable it. **Search and filter your endpoints** Find any endpoint instantly with keyboard search (Ctrl/Cmd+F) and result highlighting. Filter by status, route type, method, or namespace to focus on what matters. **Security logging** Every blocked request is logged with IP address, endpoint, user agent, and timestamp — so you always know what’s being probed. Filter logs by IP, endpoint, or date range. Logs auto-clean after 30 days. **Clean and accessible** Built to WordPress admin standards. Fully keyboard-navigable with screen reader support. #### Who it’s for Agencies hardening client sites. Developers locking down staging environments. Site owners running WooCommerce, membership, or any setup where REST API exposure is a real risk. #### Go further with Pro WPBuoy Endpoint Manager Pro adds: * Endpoint blocking with a configurable response code and message (requires license) * Dynamic route support with regex pattern matching * Interactive preview modal for dynamic endpoints (auto-resolves default parameter values) * Global rate limiting — cap the total number of REST API requests per time window * Per-endpoint rate limiting — set independent limits on individual routes * IP Block List — manual blocking, auto-block IPs that exceed rate limits, and an allowlist for trusted IPs * CSV export of security logs * Automatic plugin updates * Priority support [Learn more about Endpoint Manager Pro](https://wpbuoy.com/plugins/endpoint-manager/) ## Screenshots * [[ * Manage REST API endpoints — toggle routes on or off with HTTP method badges, restricted indicators, and namespace grouping. * [[ * Search and filter endpoints across all namespaces with live result highlighting. * [[ * Preview live API responses in an inline modal — auto-resolves dynamic endpoint parameters. * [[ * Security logs track every blocked request with IP address, endpoint, status code, and user agent. * [[ * Set per-endpoint rate limits directly from the endpoint row. (Pro) * [[ * Rate limiting, auto-block, IP allowlist, and customizable error responses. (Pro) * [[ * Built-in contextual help with links to the knowledge base, FAQs, and support. ## Installation 1. Upload the plugin files to the `/wp-content/plugins/wpbuoy-endpoint-manager` directory, or install the plugin through the WordPress plugins screen directly. 2. Activate the plugin through the ‘Plugins’ screen in WordPress 3. Use the Endpoints screen in the WordPress admin menu to configure the plugin 4. Toggle endpoints on/off as needed ## FAQ ### Will disabling endpoints break my site? Disabling certain endpoints may affect WordPress functionality, plugins, or themes that depend on the REST API. Always test thoroughly after making changes. We recommend testing on a staging site first. ### What exactly happens when I disable an endpoint? Blocked endpoints return a `403 Forbidden` response. The endpoint remains registered in WordPress — it’s not removed, just inaccessible. You can re-enable it at any time from the admin screen. ### Will this affect the WordPress Block Editor (Gutenberg)? The Block Editor relies on several `/wp/v2/` REST API routes. Review those endpoints carefully and test on a staging site before disabling any of them. ### Can I manage endpoints from plugins and themes? Yes. The plugin shows all registered static REST API endpoints, including those from plugins and themes. ### Does this plugin work with WordPress multisite? Yes, but the plugin must be activated on each site individually. Network activation is not currently supported. ### Will this slow down my site? No. The plugin adds a minimal check at the REST API permission layer. There is no impact on front-end performance. ### Can I undo changes? Yes. All toggles are reversible — just re-enable any endpoint from the admin screen. If you uninstall the plugin, all settings are removed automatically. ### Do I need a license to use this plugin? No. Viewing, searching, filtering, previewing endpoints, and reviewing security logs are all available for free. Endpoint blocking and Pro features require an active license. ## Reviews ![](https://secure.gravatar.com/avatar/d43ee213d35e89624c067121a4aa4fbb3bff11ca199fa0564f3262199f08df9f? s=60&d=retro&r=g) ### 󠀁[Finally have visibility into what my REST API is actually exposing](https://wordpress.org/support/topic/finally-have-visibility-into-what-my-rest-api-is-actually-exposing/)󠁿 [kmbarsana](https://profiles.wordpress.org/kmbarsana/) مې 31, 2026 Been running WordPress sites for clients for years and honestly never thought much about the REST API until one of them got scraped through an exposed user endpoint. Started looking for something that gave me actual control and landed here. Does exactly what I needed. Seeing all registered routes grouped by namespace in one place was a bit of an eye openerm you realize pretty quickly how much surface area a typical WP install has. The security log is a nice bonus too, quiet but useful. Satisfied with the free version for now, unsure yet of grabbing pro for the rate limiting on a higher traffic project I’m working on. Hopefully I won’t need to but looks tempting. PS – sent a couple of feature suggestions to the dev, waiting to hear back. [ Read all 1 review ](https://wordpress.org/support/plugin/wpbuoy-endpoint-manager/reviews/) ## Contributors & Developers “WPBuoy Endpoint Manager” is open source software. The following people have contributed to this plugin. Contributors * [ martincipriano ](https://profiles.wordpress.org/martincipriano/) [Translate “WPBuoy Endpoint Manager” into your language.](https://translate.wordpress.org/projects/wp-plugins/wpbuoy-endpoint-manager) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/wpbuoy-endpoint-manager/), check out the [SVN repository](https://plugins.svn.wordpress.org/wpbuoy-endpoint-manager/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/wpbuoy-endpoint-manager/) by [RSS](https://plugins.trac.wordpress.org/log/wpbuoy-endpoint-manager/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 2.0.0 * Added: HTTP method badges on endpoint rows * Added: security logs page with IP, endpoint, status, and user agent tracking * Added: contextual help tab with KB-linked sections (Getting Started, Features, Troubleshooting) * Added: upgrade banner for Pro upsell * Updated: description, short description, FAQs, and Pro feature list * Updated: screenshots (7 total, including Pro upsell) * Removed: admin sidebar (replaced by help tab) #### 1.1.4 * Updated: WP.org listing copy — rewritten description, short description, and Pro upsell section * Fixed: incorrect installation directory path in readme.txt #### 1.1.3 * Updated: tested up to WordPress 6.9 #### 1.1.2 * Fixed: private constructor enforces singleton pattern * Fixed: text domain loaded via init hook to prevent early-load notices * Fixed: comprehensive uninstall cleanup (options, transients, multisite) * Fixed: accessibility improvements (screen-reader-text, rel attributes) #### 1.1.1 * Updated: sidebar “Upgrade to Pro” features list updated to match current pro feature set. #### 1.0.6 * Updated: standardized admin sidebar with shared WPBuoy styling #### 1.0.5 * Added: endpoint preview button for static routes * Removed: “Endpoint Preview” from pro upsell (basic preview now free) #### 1.0.4 * Updated: standardized admin sidebar styling * Removed: FAQ accordion widget from sidebar * Fixed: removed unprefixed global JavaScript functions #### 1.0.3 * Added: support for all registered REST API namespaces including plugins and themes * Fixed: endpoint sanitization uses sanitize_text_field() #### 1.0.2 * Fixed: sanitize POST input at point of reading * Updated: plugin scoped to WordPress core static endpoints * Updated: sidebar links and added FAQ widget * Updated: tested up to WordPress 6.9 #### 1.0.1 * Renamed to WPBuoy Endpoint Manager for clarity and uniqueness. #### 1.0.0 * Initial release * Manage WordPress core REST API endpoints * Static endpoints support * Simple toggle interface * Organized by namespace ## Meta * Version **2.0.0** * Last updated **2 اونۍ ago** * Active installations **Fewer than 10** * WordPress version ** 5.0 or higher ** * Tested up to **7.0** * PHP version ** 7.4 or higher ** * Language * [English (US)](https://wordpress.org/plugins/wpbuoy-endpoint-manager/) * Tags * [api security](https://ps.wordpress.org/plugins/tags/api-security/)[disable REST API](https://ps.wordpress.org/plugins/tags/disable-rest-api/) [rest api security](https://ps.wordpress.org/plugins/tags/rest-api-security/) [rest-api](https://ps.wordpress.org/plugins/tags/rest-api/) * [Advanced View](https://ps.wordpress.org/plugins/wpbuoy-endpoint-manager/advanced/) ## Ratings 5 out of 5 stars. * [ 1 5-star review ](https://wordpress.org/support/plugin/wpbuoy-endpoint-manager/reviews/?filter=5) * [ 0 4-star reviews ](https://wordpress.org/support/plugin/wpbuoy-endpoint-manager/reviews/?filter=4) * [ 0 3-star reviews ](https://wordpress.org/support/plugin/wpbuoy-endpoint-manager/reviews/?filter=3) * [ 0 2-star reviews ](https://wordpress.org/support/plugin/wpbuoy-endpoint-manager/reviews/?filter=2) * [ 0 1-star reviews ](https://wordpress.org/support/plugin/wpbuoy-endpoint-manager/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/wpbuoy-endpoint-manager/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/wpbuoy-endpoint-manager/reviews/) ## Contributors * [ martincipriano ](https://profiles.wordpress.org/martincipriano/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/wpbuoy-endpoint-manager/)