ability to toggle WordPress REST API endpoints
I've recently discovered that by default, WordPress exposes a REST API endpoint at /wp-json/wp/v2/users which can be exploited to enumerate users. While I have found a workaround by creating a custom rewrite rule in IIS to block access to this endpoint, I believe this should be a built-in feature of the WP Toolkit.
I propose that Plesk add an option within the WP Toolkit to easily enable or disable access to specific REST API endpoints, such as /wp-json/wp/v2/users. This would provide an additional layer of security for WordPress sites and make it easier for administrators to protect their websites.
I believe that this feature would be highly beneficial to the Plesk community and would contribute to a more secure WordPress hosting environment.
Thank you for your input! We will consider this functionality in upcoming releases if it becomes popular.
Everyone, please continue voting for this feature if you consider it important.
-- SH
SoloWeb Hosting commented
It is a security flaw that is very easy to block, but it would be ideal to do it from Plesk itself.
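The opening post mentions blocking the endpoint with a custom IIS rewrite rule but does not show it; the `web.config` fragment below is an added illustration, not the poster's rule and not anything shipped by Plesk. It assumes the IIS URL Rewrite module is installed and WordPress sits at the site root, and it goes slightly beyond the post by also covering the `index.php/` and `?rest_route=` forms of the same route. Rule names and the response text are made up for the example.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Place both rules ABOVE the WordPress catch-all rewrite rule,
             otherwise the request reaches index.php before it is checked. -->

        <!-- Path form: /wp-json/wp/v2/users and /wp-json/wp/v2/users/<id>,
             with or without the index.php/ prefix used by PATHINFO permalinks.
             The match is unconditional, so it also blocks logged-in users,
             whose editor screens may call this endpoint. -->
        <rule name="Block WP REST users (path)" stopProcessing="true">
          <match url="^(index\.php/)?wp-json/wp/v2/users(/.*)?$" ignoreCase="true" />
          <action type="CustomResponse" statusCode="403"
                  statusReason="Forbidden"
                  statusDescription="REST user listing is disabled" />
        </rule>

        <!-- Query-string form: /?rest_route=/wp/v2/users reaches the same
             handler without the /wp-json/ prefix. {QUERY_STRING} is not
             URL-decoded, so the pattern accepts both "/" and "%2F". -->
        <rule name="Block WP REST users (rest_route)" stopProcessing="true">
          <match url=".*" />
          <conditions>
            <add input="{QUERY_STRING}"
                 pattern="(^|&amp;)rest_route=(/|%2F)wp(/|%2F)v2(/|%2F)users"
                 ignoreCase="true" />
          </conditions>
          <action type="CustomResponse" statusCode="403"
                  statusReason="Forbidden"
                  statusDescription="REST user listing is disabled" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

After deploying, request each of the three URL forms without a session and confirm that all of them return 403 rather than a JSON user list.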