Title: REST API Guard
Author: Sean Fisher
Published: October 20, 2022
Last modified: September 9, 2025

---


![](https://ps.w.org/rest-api-guard/assets/icon-256x256.png?rev=3111870)

# REST API Guard

 By [Sean Fisher](https://profiles.wordpress.org/sean212/)

[Download](https://downloads.wordpress.org/plugin/rest-api-guard.1.4.1.zip)

 * [Details](https://kir.wordpress.org/plugins/rest-api-guard/#description)
 * [Reviews](https://kir.wordpress.org/plugins/rest-api-guard/#reviews)
 * [Installation](https://kir.wordpress.org/plugins/rest-api-guard/#installation)
 * [Development](https://kir.wordpress.org/plugins/rest-api-guard/#developers)

 [Support](https://wordpress.org/support/plugin/rest-api-guard/)

## Description

Restrict and control access to the REST API.

### Usage

The WordPress REST API is generally very public and can share a good deal of information
with the internet anonymously. This plugin aims to make it easier to restrict access
to the REST API for your WordPress site.

Out of the box the plugin can:

 * Disable anonymous access to the REST API.
 * Restrict and control anonymous access to the REST API by namespace, path, etc.

### Settings Page

The plugin can be configured via the Settings page (`Settings -> REST API Guard`)
or via the relevant filter.

### Preventing Access to User Information (`wp/v2/users`)

By default, the plugin will restrict anonymous access to the users endpoint. This
restriction can be lifted in the plugin’s settings or via code:

    ```
    add_filter( 'rest_api_guard_allow_user_access', fn () => true );
    ```

### Preventing Access to Index (`/`) or Namespace Endpoints (`wp/v2`)

To prevent anonymous users from browsing your site and discovering what plugins/
post types are set up, the plugin restricts access to the index (`/`) and namespace
(`wp/v2`) endpoints. This restriction can be lifted in the plugin’s settings or via code:

    ```
    // Allow index access.
    add_filter( 'rest_api_guard_allow_index_access', fn () => true );

    // Allow namespace access.
    add_filter( 'rest_api_guard_allow_namespace_access', fn ( string $namespace ) => true );
    ```
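
A quick way to confirm these defaults from outside the site is an unauthenticated request to each route. The script below is an added example, not part of the plugin; it assumes the default `/wp-json` REST prefix, treats 401/403 as blocked, and uses constructed responses for `example.test`.

```python
import urllib.error
import urllib.request

# Routes this page says are restricted for anonymous users by default.
GUARDED_ROUTES = ["/", "/wp/v2", "/wp/v2/users"]


def http_status(url: str) -> int:
    """Return the HTTP status of an unauthenticated GET (no cookies, no token)."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def audit(base_url: str, fetch=http_status, prefix: str = "/wp-json") -> dict:
    """Map each guarded route to 'blocked', 'exposed' or 'unexpected:<code>'."""
    results = {}
    for route in GUARDED_ROUTES:
        status = fetch(base_url.rstrip("/") + prefix + route)
        if status in (401, 403):        # assumption: the guard answers 401 or 403
            results[route] = "blocked"
        elif 200 <= status < 300:
            results[route] = "exposed"
        else:
            results[route] = f"unexpected:{status}"
    return results


# Constructed responses: a site where rest_api_guard_allow_user_access
# was switched to true while index and namespace access stay restricted.
SAMPLE = {
    "https://example.test/wp-json/": 401,
    "https://example.test/wp-json/wp/v2": 401,
    "https://example.test/wp-json/wp/v2/users": 200,
}

if __name__ == "__main__":
    for route, verdict in audit("https://example.test", SAMPLE.__getitem__).items():
        print(f"{route:15} {verdict}")
```

Calling `audit("https://your-site.example")` without the `fetch` argument performs real requests against a site you operate.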

### Restrict Anonymous Access to the REST API

The plugin can restrict anonymous access for any request to the REST API in the 
plugin’s settings or via code:

    ```
    add_filter( 'rest_api_guard_prevent_anonymous_access', fn () => true );
    ```

### Limit Anonymous Access to Specific Namespaces/Routes (Allowlist)

Anonymous users can be granted access only to specific namespaces/routes. Requests
outside of these paths will be denied. This can be configured in the plugin’s settings
or via code:

    ```
    add_filter(
        'rest_api_guard_anonymous_requests_allowlist',
        function ( array $paths, WP_REST_Request $request ): array {
            // All other paths not included here will be denied.
            $paths[] = 'wp/v2/post';
            $paths[] = 'custom-namespace/v1/public/*';

            return $paths;
        },
        10,
        2
    );
    ```

### Restrict Anonymous Access to Specific Namespaces/Routes (Denylist)

Anonymous users can be restricted from specific namespaces/routes. This acts as
a denylist for specific paths that an anonymous user cannot access. The paths support
regular expressions for matching. The use of the allowlist takes priority over this
denylist. This can be configured in the plugin’s settings or via code:

    ```
    add_filter(
        'rest_api_guard_anonymous_requests_denylist',
        function ( array $paths, WP_REST_Request $request ): array {
            $paths[] = 'wp/v2/user';
            $paths[] = 'custom-namespace/v1/private/*';

            return $paths;
        },
        10,
        2
    );
    ```

### Require JSON Web Token (JWT) Authentication

Anonymous users can be required to authenticate via a JSON Web Token (JWT) to access
the REST API. Users should pass an `Authorization: Bearer <token>` header with their
request. This can be configured in the plugin’s settings or via code:

    ```
    add_filter( 'rest_api_guard_authentication_jwt', fn () => true );
    ```

Out of the box, the plugin will look for a JWT in the `Authorization: Bearer <token>`
header. The JWT will be expected to have an audience of `wordpress-rest-api`
and issuer of the site’s URL. This can be configured in the plugin’s settings or
via code:

    ```
    add_filter(
        'rest_api_guard_jwt_audience',
        function ( string $audience ): string {
            return 'custom-audience';
        }
    );

    add_filter(
        'rest_api_guard_jwt_issuer',
        function ( string $issuer ): string {
            return 'https://example.com';
        }
    );
    ```

The JWT’s secret will be autogenerated and stored in the database in the
`rest_api_guard_jwt_secret` option. The secret can also be changed via code:

    ```
    add_filter(
        'rest_api_guard_jwt_secret',
        function ( string $secret ): string {
            // Placeholder value; use a long, random secret in practice.
            return 'my-custom-secret';
        }
    );
    ```
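
What a token that satisfies the audience and issuer checks above looks like, and how those claims are verified, shown as an added example rather than the plugin's own code. It assumes HMAC-SHA256 (HS256) signing with the shared secret, which this page does not state; the issuer URL and secret are constructed placeholders.

```python
import base64, hashlib, hmac, json, time

AUDIENCE = "wordpress-rest-api"      # default audience stated on this page
ISSUER = "https://example.test"      # placeholder for the site's URL
SECRET = "constructed-demo-secret"   # stands in for rest_api_guard_jwt_secret

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(secret: str, signing_input: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign(claims: dict, secret: str, alg: str = "HS256") -> str:
    """Build a compact JWT; HS256 is an assumption, the page names no algorithm."""
    head = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}." + b64url(mac(secret, f"{head}.{body}"))

def verify(token: str, secret: str, audience: str, issuer: str, now=None) -> dict:
    """Return the claims of a valid token, otherwise raise ValueError(reason)."""
    try:
        head, body, sig = token.split(".")
        header, claims = (json.loads(b64url_decode(p)) for p in (head, body))
        signature = b64url_decode(sig)
    except ValueError:
        raise ValueError("malformed token") from None
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":     # pin the algorithm, ignore the header's choice
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(signature, mac(secret, f"{head}.{body}")):
        raise ValueError("bad signature")
    aud = claims.get("aud")              # "aud" may be a string or a list
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    exp = claims.get("exp")              # a missing "exp" is treated as expired
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims
```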

### Allow JWT Authentication for Authenticated Users

Authenticated users can be authenticated with the REST API via a JSON Web Token.
Similar to the anonymous JWT authentication, users should pass an
`Authorization: Bearer <token>` header with their request. This can be configured
in the plugin’s settings or via code:

    ```
    add_filter( 'rest_api_guard_user_authentication_jwt', fn () => true );
    ```

### Generating JWTs for Anonymous and Authenticated Users

JWTs can be generated by calling the `wp rest-api-guard generate-jwt [--user=]` command
or using the `Alley\WP\REST_API_Guard\generate_jwt()` method:

    ```
    $jwt = \Alley\WP\REST_API_Guard\generate_jwt(
        expiration: 3600, // Optional. The expiration time in seconds from now.
        user: 1, // Optional. The user ID to generate the JWT for. Supports `WP_User` or user ID.
    );
    ```

## Installation

You can install the package via composer:

    ```
    composer require alleyinteractive/wp-rest-api-guard
    ```

## Reviews


### [The best plugin](https://wordpress.org/support/topic/the-best-plugin-344/)

 [Yworld](https://profiles.wordpress.org/yworld/) May 3, 2023

Plugin works great!


### [Nice work!](https://wordpress.org/support/topic/nice-work-548/)

 [Bowo](https://profiles.wordpress.org/qriouslad/) October 20, 2022

Simple and effective. I love being able to easily turn off access to the REST API.


## Contributors & Developers

“REST API Guard” is open source software. The following people have contributed 
to this plugin.

Contributors

 *   [ Sean Fisher ](https://profiles.wordpress.org/sean212/)

[Translate “REST API Guard” into your language.](https://translate.wordpress.org/projects/wp-plugins/rest-api-guard)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/rest-api-guard/), check
out the [SVN repository](https://plugins.svn.wordpress.org/rest-api-guard/), or 
subscribe to the [development log](https://plugins.trac.wordpress.org/log/rest-api-guard/)
by [RSS](https://plugins.trac.wordpress.org/log/rest-api-guard/?limit=100&mode=stop_on_copy&format=rss).

## Meta

 *  Version **1.4.1**
 *  Last updated **10 months ago**
 *  Active installations **100+**
 *  WordPress version **6.5 or higher**
 *  Tested up to **6.8.5**
 *  PHP version **8.1 or higher**
 *  Language
 * [English (US)](https://wordpress.org/plugins/rest-api-guard/)
 *  [Advanced View](https://kir.wordpress.org/plugins/rest-api-guard/advanced/)

## Ratings

 5 out of 5 stars.

 *  [  2 5-star reviews     ](https://wordpress.org/support/plugin/rest-api-guard/reviews/?filter=5)
 *  [  0 4-star reviews     ](https://wordpress.org/support/plugin/rest-api-guard/reviews/?filter=4)
 *  [  0 3-star reviews     ](https://wordpress.org/support/plugin/rest-api-guard/reviews/?filter=3)
 *  [  0 2-star reviews     ](https://wordpress.org/support/plugin/rest-api-guard/reviews/?filter=2)
 *  [  0 1-star reviews     ](https://wordpress.org/support/plugin/rest-api-guard/reviews/?filter=1)



## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/rest-api-guard/)