New to the community? Start here

[Defender Pro] Don't block all WordPress Rest API requests

0

Defender Pro has a new feature: Catch Bots Off Guard With “Block WordPress Rest API”
But would it be possible to whitelist specific IP’s / domains and block all other requests?

Wed, 30 Oct 2019 8:09:54
More Defender Pro discussions
Defender Pro
  • Predrag Dubajic
    • Support

    Hi again Dominique :slight_smile:

    After my response on your blog comment, I discussed this with Defender devs and I’m afraid that at the moment there’s no option or hook that could be used to whitelist certain site or IP from WP Rest API security tweak.
    We did add it on our future improvements list and they will check about including such option in future :slight_smile:

    Best regards,
    Predrag

  • Predrag Dubajic
    • Support

    Hi Dominique,

    That’s correct, if you’re not using it for outside connections it should be blocked, but having an option to whitelist certain IP or site will certainly allow for further tweaking of this.

    I guess that internal communication with the REST API won’t be blocked?

    Exactly, and it’s also mentioned in the tweak explanation itself, quote:
    WordPress (including Gutenberg and plugins) will continue to work as normal, but public API requests will be blocked.

    Best regards,
    Predrag