Getting Started

calendar_month Last updated: May 25, 2026

What is a REST API endpoint?

An endpoint is a URL that the WordPress REST API exposes for specific functionality. For example:

  • /wp/v2/posts — Returns blog posts
  • /wp/v2/users — Returns user information
  • /wc/v3/products — Returns WooCommerce products (if installed)

WordPress and every plugin that uses the REST API registers its own endpoints. By default, all of them are publicly accessible. Endpoint Manager lets you decide which ones stay active.

Free vs Pro

Feature Free Pro
View all endpoints (static and dynamic) check check
Inline preview modal for static endpoints check check
Search (Ctrl/Cmd+F) with result highlighting check check
Multi-criteria filters (status, type, method, namespace) check check
Security logs (IP, endpoint, user agent, timestamp) check check
Log filtering (search, IP, endpoint, date range) check check
Automatic log cleanup (30-day retention) check check
Toggle endpoints on/off (requires license) close check
Configurable block response code and message close check
Dynamic endpoint support close check
Interactive preview modal for dynamic endpoints close check
Rate limiting (global and per-endpoint) close check
IP Block List (manual, auto-block, allowlist) close check
CSV log export close check
Automatic updates close check
Priority support close check

Static vs dynamic endpoints

Static endpoints are fixed routes without parameters — for example, /wp/v2/posts returns a collection of posts.

Dynamic endpoints contain variable parameters — for example, /wp/v2/posts/(?P<id>[d]+) requires a post ID to return a specific item. The Pro version is required to manage and preview dynamic endpoints.

Minimum requirements

  • WordPress 5.0+
  • PHP 7.4+
  • MySQL 5.6+
  • HTTPS recommended

How to install

Free version:

  1. Go to WordPress Admin → Plugins → Add New
  2. Search for “Endpoint Manager”
  3. Click Install, then Activate

Pro version:

  1. Purchase a license from wpbuoy.com
  2. Download the plugin ZIP file
  3. Go to WordPress Admin → Plugins → Add New → Upload Plugin
  4. Upload the ZIP and activate
  5. Go to Endpoint Manager → License
  6. Enter your license key and click Activate

Always install via the WordPress dashboard. Direct file copy to the server skips the activation routine, which can prevent features like security logging from initializing. If this happens, deactivate and reactivate the plugin from the Plugins screen.

Initial configuration

The plugin works out of the box — all endpoints are enabled by default. We recommend:

  1. Review your endpoints — Open Endpoint Manager to see everything registered on your site
  2. Identify unused endpoints — Look for endpoints from plugins or features you don’t use
  3. Test before disabling — Use the Preview button to see what an endpoint returns
  4. Disable gradually — Start with obviously unused endpoints
  5. Monitor logs — Check security logs for blocked requests to confirm your changes are working

Will this break my site?

Installing the plugin does not change any endpoint behavior. All endpoints remain enabled by default.

However, disabling an endpoint will block access to it with a configurable error response. If you disable an endpoint that your theme, page builder, or another plugin depends on, that functionality may stop working. Always use the Preview feature to understand what an endpoint does before disabling it, and re-enable it immediately if something breaks.

Privacy and data collection

Free version: No external connections. All data stays on your WordPress installation.

Pro version: Your license key and domain are sent to the WPBuoy license server for validation — once on activation and daily for license checks. No user data, content, or logs are ever transmitted.

All security logs are stored locally in your WordPress database. The plugin does not track user behavior, collect personal information, or insert tracking scripts.

Still need help?

Contact support or visit the product page.