WPBuoy Endpoint Manager
| 开发者 | martincipriano |
|---|---|
| 更新时间 | 2026年5月25日 11:49 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
详情介绍:
Every plugin and theme you install registers REST API endpoints. Most are public by default — including the ones your site never uses.
Unused endpoints are unnecessary exposure. They reveal information about your stack, invite probing, and become liabilities when a vulnerability is discovered in a plugin you forgot to audit.
WPBuoy Endpoint Manager gives you a clear view of every endpoint on your site and a one-click toggle to disable the ones you don't need.
See your full API surface
Every REST API endpoint from WordPress core, plugins, and themes in one organized view — grouped by namespace, with a count of how many are currently disabled.
Block endpoints instantly
Toggle any endpoint off and it returns a 403. No code, no rules, no guesswork. One click. Requires an active Pro license.
Preview before you block
Click the preview icon on any static endpoint to fetch its live REST API response in an inline modal — without leaving the admin. Know exactly what you're disabling before you disable it.
Search and filter your endpoints
Find any endpoint instantly with keyboard search (Ctrl/Cmd+F) and result highlighting. Filter by status, route type, method, or namespace to focus on what matters.
Security logging
Every blocked request is logged with IP address, endpoint, user agent, and timestamp — so you always know what's being probed. Filter logs by IP, endpoint, or date range. Logs auto-clean after 30 days.
Clean and accessible
Built to WordPress admin standards. Fully keyboard-navigable with screen reader support.
Who it's for
Agencies hardening client sites. Developers locking down staging environments. Site owners running WooCommerce, membership, or any setup where REST API exposure is a real risk.
Go further with Pro
WPBuoy Endpoint Manager Pro adds:
- Endpoint blocking with a configurable response code and message (requires license)
- Dynamic route support with regex pattern matching
- Interactive preview modal for dynamic endpoints (auto-resolves default parameter values)
- Global rate limiting — cap the total number of REST API requests per time window
- Per-endpoint rate limiting — set independent limits on individual routes
- IP Block List — manual blocking, auto-block IPs that exceed rate limits, and an allowlist for trusted IPs
- CSV export of security logs
- Automatic plugin updates
- Priority support
安装:
- Upload the plugin files to the
/wp-content/plugins/wpbuoy-endpoint-managerdirectory, or install the plugin through the WordPress plugins screen directly. - Activate the plugin through the 'Plugins' screen in WordPress
- Use the Endpoints screen in the WordPress admin menu to configure the plugin
- Toggle endpoints on/off as needed
屏幕截图:
常见问题:
Will disabling endpoints break my site?
Disabling certain endpoints may affect WordPress functionality, plugins, or themes that depend on the REST API. Always test thoroughly after making changes. We recommend testing on a staging site first.
What exactly happens when I disable an endpoint?
Blocked endpoints return a 403 Forbidden response. The endpoint remains registered in WordPress — it's not removed, just inaccessible. You can re-enable it at any time from the admin screen.
Will this affect the WordPress Block Editor (Gutenberg)?
The Block Editor relies on several /wp/v2/ REST API routes. Review those endpoints carefully and test on a staging site before disabling any of them.
Can I manage endpoints from plugins and themes?
Yes. The plugin shows all registered static REST API endpoints, including those from plugins and themes.
Does this plugin work with WordPress multisite?
Yes, but the plugin must be activated on each site individually. Network activation is not currently supported.
Will this slow down my site?
No. The plugin adds a minimal check at the REST API permission layer. There is no impact on front-end performance.
Can I undo changes?
Yes. All toggles are reversible — just re-enable any endpoint from the admin screen. If you uninstall the plugin, all settings are removed automatically.
Do I need a license to use this plugin?
No. Viewing, searching, filtering, previewing endpoints, and reviewing security logs are all available for free. Endpoint blocking and Pro features require an active license.
更新日志:
2.0.0
- Added: HTTP method badges on endpoint rows
- Added: security logs page with IP, endpoint, status, and user agent tracking
- Added: contextual help tab with KB-linked sections (Getting Started, Features, Troubleshooting)
- Added: upgrade banner for Pro upsell
- Updated: description, short description, FAQs, and Pro feature list
- Updated: screenshots (7 total, including Pro upsell)
- Removed: admin sidebar (replaced by help tab)
- Updated: WP.org listing copy — rewritten description, short description, and Pro upsell section
- Fixed: incorrect installation directory path in readme.txt
- Updated: tested up to WordPress 6.9
- Fixed: private constructor enforces singleton pattern
- Fixed: text domain loaded via init hook to prevent early-load notices
- Fixed: comprehensive uninstall cleanup (options, transients, multisite)
- Fixed: accessibility improvements (screen-reader-text, rel attributes)
- Updated: sidebar "Upgrade to Pro" features list updated to match current pro feature set.
- Updated: standardized admin sidebar with shared WPBuoy styling
- Added: endpoint preview button for static routes
- Removed: "Endpoint Preview" from pro upsell (basic preview now free)
- Updated: standardized admin sidebar styling
- Removed: FAQ accordion widget from sidebar
- Fixed: removed unprefixed global JavaScript functions
- Added: support for all registered REST API namespaces including plugins and themes
- Fixed: endpoint sanitization uses sanitize_text_field()
- Fixed: sanitize POST input at point of reading
- Updated: plugin scoped to WordPress core static endpoints
- Updated: sidebar links and added FAQ widget
- Updated: tested up to WordPress 6.9
- Renamed to WPBuoy Endpoint Manager for clarity and uniqueness.
- Initial release
- Manage WordPress core REST API endpoints
- Static endpoints support
- Simple toggle interface
- Organized by namespace