Getting Started
What is a REST API endpoint?
An endpoint is a URL that the WordPress REST API exposes for specific functionality. For example:
- /wp/v2/posts — Returns blog posts
- /wp/v2/users — Returns user information
- /wc/v3/products — Returns WooCommerce products (if installed)
WordPress and every plugin that uses the REST API register their own endpoints. By default, all of them are publicly accessible. Endpoint Manager lets you decide which ones stay active.
Free vs Pro
| Feature | Free | Pro |
|---|---|---|
| View all endpoints (static and dynamic) | ||
| Inline preview modal for static endpoints | ||
| Search (Ctrl/Cmd+F) with result highlighting | ||
| Multi-criteria filters (status, type, method, namespace) | ||
| Security logs (IP, endpoint, user agent, timestamp) | ||
| Log filtering (search, IP, endpoint, date range) | ||
| Automatic log cleanup (30-day retention) | ||
| Toggle endpoints on/off (requires license) | ||
| Configurable block response code and message | ||
| Dynamic endpoint support | ||
| Interactive preview modal for dynamic endpoints | ||
| Rate limiting (global and per-endpoint) | ||
| IP Block List (manual, auto-block, allowlist) | ||
| CSV log export | ||
| Automatic updates | ||
| Priority support | ||
Static vs dynamic endpoints
Static endpoints are fixed routes without parameters — for example, /wp/v2/posts returns a collection of posts.
Dynamic endpoints contain variable parameters — for example, /wp/v2/posts/(?P<id>[\d]+) requires a post ID to return a specific item. The Pro version is required to manage and preview dynamic endpoints.
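An added example (not part of the plugin or the original page) of telling the two kinds apart when reviewing your own site: it reads a REST index shaped like the one WordPress serves at /wp-json/ and treats any route containing a named capture group as dynamic. The sample index and function names are constructed for illustration, and the classification rule is an assumption about where the plugin draws the line.

```python
import json
import re
from collections import defaultdict

# Constructed sample shaped like the index WordPress serves at /wp-json/,
# trimmed to the fields used below. Not captured from a real site.
SAMPLE_INDEX = r"""
{"routes": {
  "/wp/v2/posts": {"namespace": "wp/v2", "methods": ["GET", "POST"]},
  "/wp/v2/posts/(?P<id>[\\d]+)": {"namespace": "wp/v2", "methods": ["GET", "POST", "PUT", "PATCH", "DELETE"]},
  "/wp/v2/posts/(?P<parent>[\\d]+)/revisions/(?P<id>[\\d]+)": {"namespace": "wp/v2", "methods": ["GET", "DELETE"]},
  "/wp/v2/users": {"namespace": "wp/v2", "methods": ["GET", "POST"]},
  "/wc/v3/products": {"namespace": "wc/v3", "methods": ["GET", "POST"]}
}}
"""

# Named capture groups such as (?P<id>[\d]+) mark the variable path segments.
PARAM_RE = re.compile(r"\(\?P<([A-Za-z_]\w*)>")
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def classify_routes(index):
    """Group routes by namespace and split them into static and dynamic."""
    report = defaultdict(lambda: {"static": [], "dynamic": []})
    for route, info in sorted(index.get("routes", {}).items()):
        params = PARAM_RE.findall(route)
        methods = sorted(info.get("methods", []))
        entry = {"route": route, "params": params, "methods": methods,
                 "accepts_writes": bool(WRITE_METHODS & set(methods))}
        namespace = info.get("namespace") or "(root)"
        report[namespace]["dynamic" if params else "static"].append(entry)
    return dict(report)


def summarize(report):
    """Return one printable line per route for a quick review pass."""
    lines = []
    for namespace in sorted(report):
        for kind in ("static", "dynamic"):
            for e in report[namespace][kind]:
                params = ",".join(e["params"]) or "-"
                lines.append(f"{namespace:6} {kind:8} {'/'.join(e['methods'])} params={params} {e['route']}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(classify_routes(json.loads(SAMPLE_INDEX)))))
```

To review a live site you administer, save its /wp-json/ response to a file and pass the parsed JSON to classify_routes in place of the sample.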
Minimum requirements
- WordPress 5.0+
- PHP 7.4+
- MySQL 5.6+
- HTTPS recommended
How to install
Free version:
- Go to WordPress Admin → Plugins → Add New
- Search for “Endpoint Manager”
- Click Install, then Activate
Pro version:
- Purchase a license from wpbuoy.com
- Download the plugin ZIP file
- Go to WordPress Admin → Plugins → Add New → Upload Plugin
- Upload the ZIP and activate
- Go to Endpoint Manager → License
- Enter your license key and click Activate
Always install via the WordPress dashboard. Direct file copy to the server skips the activation routine, which can prevent features like security logging from initializing. If this happens, deactivate and reactivate the plugin from the Plugins screen.
Initial configuration
The plugin works out of the box — all endpoints are enabled by default. We recommend:
- Review your endpoints — Open Endpoint Manager to see everything registered on your site
- Identify unused endpoints — Look for endpoints from plugins or features you don’t use
- Test before disabling — Use the Preview button to see what an endpoint returns
- Disable gradually — Start with obviously unused endpoints
- Monitor logs — Check security logs for blocked requests to confirm your changes are working
Will this break my site?
Installing the plugin does not change any endpoint behavior. All endpoints remain enabled by default.
However, disabling an endpoint will block access to it with a configurable error response. If you disable an endpoint that your theme, page builder, or another plugin depends on, that functionality may stop working. Always use the Preview feature to understand what an endpoint does before disabling it, and re-enable it immediately if something breaks.
Privacy and data collection
Free version: No external connections. All data stays on your WordPress installation.
Pro version: Your license key and domain are sent to the WPBuoy license server for validation — once on activation and daily for license checks. No user data, content, or logs are ever transmitted.
All security logs are stored locally in your WordPress database. The plugin does not track user behavior, collect personal information, or insert tracking scripts.