Category: Security
WordPress security tips, hardening guides, and vulnerability analysis.
How to Block IPs Attacking Your WordPress REST API
Rate limiting throttles bad actors. IP blocklisting stops them entirely. Endpoint Manager Pro 1.3 adds manual blocking, auto-block thresholds, temporary and permanent bans, and an IP allowlist — all from the WordPress admin.
Endpoint Manager 1.3 — Rate Limiting, IP Blocklisting, and Custom Error Responses
Endpoint Manager 1.3 ships per-endpoint rate limiting, IP blocklisting with auto-block, configurable error responses, and improved log filtering. All Phase 1 security hardening features are now available in Pro.
WordPress User Enumeration via the REST API: What It Is and How to Stop It
WordPress has shipped a built-in user enumeration vector since version 4.7: the REST API /wp/v2/users endpoint. It is enabled by default, requires no authentication, and returns login usernames. Here is how to stop it.