Endpoint Manager

See every REST API endpoint on your site. Disable the ones you don’t need. Monitor everything that gets blocked. Endpoint Manager gives you full visibility and control over your WordPress API — with advanced filtering, security logs, and CSV export built in.


Features

Everything you need to manage REST APIs effectively.

Dynamic Endpoint Support

Test any endpoint without leaving the dashboard. Static routes open a preview URL instantly; dynamic routes open an interactive modal where you fill in each parameter — with smart defaults pulled from your actual content — before previewing the live response.

Understand what an endpoint returns before deciding whether to keep it enabled.

Advanced Search and Filters

Powerful multi-criteria filtering to find exactly what you’re looking for. Filter endpoints by namespace, access status, and route type. Combine filters with real-time search to quickly locate specific endpoints in large API implementations.

API Security & Insights

Get a quick overview of your REST API health and security. View total endpoints, namespace breakdowns, and recent activity, alongside real-time updates on blocked requests. Instantly spot suspicious behavior, confirm security rules are working, and monitor your API at a glance—all without leaving the dashboard.

Security Logs with CSV Export

Every blocked request is automatically logged with IP address, user agent, and timestamp. Review who’s hitting your disabled endpoints, spot repeat offenders, and export the full log to CSV for audits or compliance reports.


Other Features

Filter by Route Type

Filter endpoints by route type — static routes with fixed paths or dynamic routes with variable parameters. Identify endpoints that accept user input and manage their security settings separately.

Filter by Status

Filter endpoints by access status — view only allowed, only blocked, or all routes. Quickly audit your security configuration and confirm critical endpoints are protected without scanning the full list.

Filter by Namespace

Filter REST API endpoints by namespace to manage access on a per-plugin basis. Instantly isolate routes from WooCommerce, Jetpack, or any plugin — then review, disable, or troubleshoot without scrolling through the full endpoint list.

Filter by HTTP Method

Filter WordPress REST API routes by HTTP method — GET, POST, PUT, or DELETE. Instantly separate read-only endpoints from write endpoints so you can lock down the ones that modify data.

Endpoint Search

Search across all REST API routes and namespaces with real-time filtering. Find any endpoint instantly — even on sites with hundreds of registered routes. Trigger it anytime with Ctrl/Cmd+F.

CSV Export

Export security logs to CSV for compliance reporting, audits, or backup. Apply filters first to export only the data you need.


Pricing

Choose the plan that fits your business.

Personal

1 website

$19/yr

Includes all PRO features + unlimited updates per year for 1 website.

Freelancer

10 websites

$39/yr

Includes all PRO features + unlimited updates per year for 10 websites.

Agency

Unlimited Websites

$69/yr

Includes all PRO features + unlimited updates per year for unlimited websites.


FAQ

Got questions? We've got you covered.

What is Endpoint Manager Pro?

Endpoint Manager Pro is a WordPress plugin that provides comprehensive control over your WordPress REST API endpoints. It allows you to selectively enable or disable specific endpoints, enhancing security and performance by reducing your site’s attack surface.

Why do I need this plugin?

By default, WordPress exposes all REST API endpoints, including those from plugins and themes. This can create security vulnerabilities and performance overhead. Endpoint Manager Pro allows you to:

  • Enhance Security: Disable unused endpoints to reduce potential attack vectors
  • Improve Performance: Reduce server load by blocking unnecessary API calls
  • Monitor Activity: Track blocked requests and identify potential threats
  • Granular Control: Manage endpoints at a detailed level, not all-or-nothing

What's the difference between Free and Pro versions?

| Feature | Free | Pro |
|---|---|---|
| WordPress Core Endpoints | Yes | Yes |
| Plugin/Theme Endpoints | No | Yes |
| Dynamic Endpoints | No | Yes |
| Endpoint Filters | No | Yes |
| Live Preview | Limited | Yes |
| Security Logging | No | Yes |
| CSV Export | No | Yes |
| Priority Support | No | Yes |

Live Preview: Free version covers WordPress core endpoints only and includes a basic static endpoint preview. Pro adds plugin/theme endpoints, dynamic endpoints with fill-in-the-blanks preview, filters, security logging, CSV export, and priority support.

Who should use Endpoint Manager Pro?

  • WordPress Developers: Managing client sites with security requirements
  • Agencies: Deploying secure solutions across multiple sites
  • E-commerce Sites: Protecting WooCommerce and payment endpoints
  • Membership Sites: Securing user data and restricted content
  • Enterprise: Running mission-critical WordPress installations
  • Security-Conscious Site Owners: Anyone wanting better API control

How do I install Endpoint Manager Pro?

  1. Purchase a license from our website
  2. Download the plugin ZIP file
  3. Go to WordPress Admin → Plugins → Add New → Upload Plugin
  4. Upload the ZIP file and activate
  5. Go to Settings → Endpoint Manager → License
  6. Enter your license key and activate

Note: Always install via the WordPress dashboard rather than copying files directly to the server. Direct file copy can cause the activation routine to be skipped, which may prevent features like security logging from initializing correctly.

Do I need to configure anything after installation?

The plugin works out of the box with safe defaults. However, we recommend:

  1. Review Your Endpoints: Go to Endpoint Manager to see all available endpoints
  2. Identify Unused Endpoints: Look for endpoints you don’t need
  3. Test Before Disabling: Use the Preview feature (Pro) to test endpoint responses
  4. Disable Gradually: Start by disabling obviously unused endpoints
  5. Monitor Logs: Check security logs (Pro) for blocked requests

Will this plugin break my site?

No, Endpoint Manager Pro is designed to be safe:

  1. Default State: All endpoints are enabled by default
  2. Selective Disabling: You choose exactly what to disable
  3. Easy Reversal: Re-enable any endpoint with one click
  4. Preview Feature (Pro): Test endpoints before making changes
  5. Logging (Pro): See what requests are being blocked

What are the minimum requirements?

  • WordPress 5.0 or higher
  • PHP 7.2 or higher
  • MySQL 5.6 or higher
  • HTTPS recommended (for security)

What is an endpoint?

An endpoint is a URL in the WordPress REST API that provides specific functionality. For example:

  • /wp/v2/posts – Returns blog posts
  • /wp/v2/users – Returns user information
  • /wc/v3/products – Returns WooCommerce products (if installed)

Each endpoint can be individually enabled or disabled with Endpoint Manager Pro.

What are static vs dynamic endpoints?

Static Endpoints: Fixed routes without parameters

  • Example: /wp/v2/posts
  • Returns a collection or resource

Dynamic Endpoints: Routes with variable parameters

  • Example: /wp/v2/posts/(?P<id>[\d]+)
  • Requires an ID to access a specific item
  • Pro version required to manage these
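
The static/dynamic split can be checked against the route index WordPress serves at /wp-json/. The following is an added example, not the plugin's code: it classifies routes by type, namespace and write methods, and shows which route pattern a concrete request path falls under. The sample index is constructed and the function names are hypothetical.

```python
import json
import re
from collections import defaultdict

# Constructed sample shaped like the index WordPress serves at /wp-json/
# (only the fields used here; a real index carries more per route).
SAMPLE_INDEX = r"""
{"routes": {
  "/wp/v2/posts": {"namespace": "wp/v2", "methods": ["GET", "POST"]},
  "/wp/v2/posts/(?P<id>[\\d]+)": {"namespace": "wp/v2",
      "methods": ["GET", "POST", "PUT", "PATCH", "DELETE"]},
  "/wp/v2/users": {"namespace": "wp/v2", "methods": ["GET", "POST"]},
  "/wc/v3/products": {"namespace": "wc/v3", "methods": ["GET", "POST"]}
}}
"""

NAMED_GROUP = re.compile(r"\(\?P<(\w+)>")   # a (?P<name>...) URL parameter
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def classify(index):
    """One row per registered route: namespace, static/dynamic, write methods."""
    rows = []
    for route, info in index["routes"].items():
        params = NAMED_GROUP.findall(route)
        rows.append({
            "route": route,
            "namespace": info.get("namespace", ""),
            "type": "dynamic" if params else "static",
            "params": params,
            "writable": sorted(set(info.get("methods", [])) & WRITE_METHODS),
        })
    return rows


def summarize(rows):
    """Per-namespace counts of static, dynamic and data-modifying routes."""
    summary = defaultdict(lambda: {"static": 0, "dynamic": 0, "writable": 0})
    for row in rows:
        counts = summary[row["namespace"]]
        counts[row["type"]] += 1
        counts["writable"] += bool(row["writable"])
    return dict(summary)


def resolve(index, path):
    """Return (route pattern, parameters) for a concrete request path, or None.

    Each route string is a regular expression that must match the whole path.
    """
    for route in index["routes"]:
        match = re.fullmatch(route, path, flags=re.IGNORECASE)
        if match:
            return route, match.groupdict()
    return None


if __name__ == "__main__":
    index = json.loads(SAMPLE_INDEX)
    for row in classify(index):
        print(row["type"], row["route"], row["writable"])
    print(summarize(classify(index)))
    print(resolve(index, "/wp/v2/posts/42"))
```

The collection route and the item route are separate entries in the index, so a request for /wp/v2/posts/42 resolves to the dynamic pattern rather than to /wp/v2/posts.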

What is endpoint filtering? (Pro Feature)

The Pro version includes 4 advanced filtering options:

  1. Search/Filter: Quickly find specific endpoints by name
  2. Filter by Namespace: View only endpoints from specific plugins (e.g., wc/v3 for WooCommerce)
  3. Filter by Status: Show only enabled or disabled endpoints
  4. Filter by Type: Show only static or dynamic endpoints

This makes managing large numbers of endpoints much easier.

How does the Endpoint Preview work? (Pro Feature)

The Endpoint Preview feature allows you to:

  1. Click “Preview” next to any endpoint
  2. See sample data that endpoint returns
  3. Test the endpoint without using external tools
  4. Verify endpoints work before disabling others
  5. Understand what data each endpoint exposes
  6. Fill in URL parameters for dynamic endpoints using a guided modal, no manual URL construction needed

This is a unique feature – no other REST API management plugin offers this.

What is the Endpoint Summary Dashboard? (Pro Feature)

The Summary Dashboard provides at-a-glance statistics:

  • Total number of endpoints on your site
  • Number of enabled vs disabled endpoints
  • Breakdown by namespace (WordPress, WooCommerce, etc.)
  • Recently modified endpoints
  • Most blocked endpoints (from security logs)

How do Security Logs work? (Pro Feature)

Security Logs track:

  • Blocked Requests: When someone tries to access a disabled endpoint
  • IP Addresses: Who attempted the request
  • Timestamp: When the attempt occurred
  • Endpoint: Which endpoint was targeted
  • User Agent: What tool/browser was used

Logs can be:

  • Viewed in the WordPress admin
  • Exported to CSV for analysis
  • Automatically cleaned up after 30 days (configurable)

Can I export logs? (Pro Feature)

Yes! The Pro version includes CSV export:

  1. Go to Endpoint Manager → Logs
  2. Select date range (optional)
  3. Click “Export to CSV”
  4. Analyze logs in Excel, Google Sheets, or security tools

This is useful for:

  • Security audits
  • Compliance reporting
  • Identifying attack patterns
  • Client reporting (for agencies)
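
One way to triage an exported log for repeat offenders, as an added example that is not part of the plugin: it groups blocked requests by IP and flags addresses that hit disabled endpoints in a burst. The column names, timestamp format and sample rows are assumptions constructed for illustration; match them to the header row of the real export.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed export. Column names and timestamp format are assumptions;
# adjust them to match the header row of the real CSV.
SAMPLE_CSV = """timestamp,ip_address,endpoint,user_agent
2024-05-01 10:00:01,203.0.113.7,/wp/v2/users,python-requests/2.31
2024-05-01 10:00:03,203.0.113.7,/wp/v2/users/1,python-requests/2.31
2024-05-01 10:00:05,203.0.113.7,/wp/v2/users/2,python-requests/2.31
2024-05-01 10:00:09,203.0.113.7,/wp/v2/comments,python-requests/2.31
2024-05-01 11:15:00,198.51.100.20,/wp/v2/users,Mozilla/5.0
2024-05-02 09:30:00,198.51.100.20,/wp/v2/users,Mozilla/5.0
2024-05-01 12:00:00,192.0.2.55,/wp/v2/comments,curl/8.4.0
"""
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"


def max_burst(times, window):
    """Largest number of requests falling inside any one time window."""
    times = sorted(times)
    best = start = 0
    for end, moment in enumerate(times):
        # Slide the window start forward until it spans at most `window`.
        while moment - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def repeat_offenders(csv_text, min_hits=3, window=timedelta(minutes=5)):
    """IPs with at least min_hits blocked requests inside one window."""
    by_ip = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        by_ip[row["ip_address"]].append(row)

    flagged = []
    for ip, rows in by_ip.items():
        times = [datetime.strptime(r["timestamp"], TIME_FORMAT) for r in rows]
        burst = max_burst(times, window)
        if burst >= min_hits:
            flagged.append({
                "ip": ip,
                "total": len(rows),
                "burst": burst,
                "first_seen": min(times),
                "last_seen": max(times),
                "endpoints": sorted({r["endpoint"] for r in rows}),
                "user_agents": sorted({r["user_agent"] for r in rows}),
            })
    # Busiest burst first; IP as a stable tie-breaker.
    return sorted(flagged, key=lambda f: (-f["burst"], f["ip"]))


if __name__ == "__main__":
    for hit in repeat_offenders(SAMPLE_CSV):
        print(hit["ip"], hit["burst"], hit["endpoints"])
```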

How do I activate my license?

  1. Purchase a plan from our website
  2. Check your email for the license key
  3. Log in to your WordPress admin
  4. Go to Settings → Endpoint Manager → License
  5. Enter your license key
  6. Click “Activate License”

You’ll see a success message when activation is complete.

Can I use one license on multiple sites?

Yes, depending on your plan:

  • Free: Unlimited sites (with limited features)
  • Personal: 1 site only
  • Freelancer: Up to 5 sites
  • Agency: Unlimited sites

Development and staging sites don’t count toward your limit.

What happens if my license expires?

When your annual license expires:

  • Plugin continues to work with existing settings
  • Endpoints remain enabled/disabled as configured
  • No new updates or bug fixes
  • No access to support
  • Pro features will be disabled

You can renew at any time to restore Pro features.

Do you offer refunds?

Yes! We offer a 30-day money-back guarantee. If you’re not satisfied for any reason within 30 days of purchase, contact us for a full refund.

I disabled an endpoint and now my site isn't working!

Quick Fix:

  1. Go to Endpoint Manager → Endpoints
  2. Find the endpoint you disabled
  3. Click “Enable” to turn it back on
  4. Test your site functionality

Prevention: Always use the Preview feature (Pro) before disabling endpoints.

How do I know which endpoints are safe to disable?

Safe to Disable (Usually):

  • Endpoints from plugins you’ve uninstalled
  • User endpoints if you don’t have public profiles (/wp/v2/users)
  • Media endpoints if you don’t allow file uploads
  • Comment endpoints if comments are disabled

DO NOT Disable:

  • Endpoints used by your theme
  • Endpoints used by page builders (Elementor, Gutenberg)
  • WooCommerce endpoints if you run an online store
  • Any endpoint with recent activity in the logs (Pro)

Best Practice: If unsure, leave it enabled.

The plugin isn't showing plugin/theme endpoints (Free version)

This is expected. The Free version only shows WordPress core endpoints. To see and manage plugin/theme endpoints (like WooCommerce, BuddyPress, etc.), upgrade to a Pro plan.

Security logs aren't showing any data (Pro)

Possible causes:

  1. No Blocked Requests: If no one has tried accessing disabled endpoints, logs will be empty (this is good!)
  2. Logging Not Enabled: Check Settings → Endpoint Manager → Enable Security Logging
  3. Logs Cleared: Logs auto-delete after 30 days by default
  4. Database Issue: Check if the logs database table exists
  5. Installed via File Copy: If the plugin was installed by copying files directly to the server rather than through the WordPress dashboard, the activation routine may have been skipped. Deactivate and reactivate the plugin from the Plugins screen to reinitialize the database table

Try disabling a test endpoint and accessing it manually to generate a log entry.

I can't activate my license

Common Issues:

  1. Invalid License Key: Copy-paste carefully, no extra spaces
  2. Already Activated: Check if it’s active on another site (Personal = 1 site limit)
  3. Expired License: Check your purchase date (licenses are annual)
  4. Server Connection: Your server must be able to connect to our license server
  5. Local Development: Use WP_DEBUG mode for local testing (bypasses license check)

Will this work with other plugins?

Endpoint Manager Pro works with all plugins that use the WordPress REST API, including:

  • WooCommerce
  • BuddyPress
  • LearnDash
  • MemberPress
  • WPForms
  • Gravity Forms
  • Jetpack
  • Yoast SEO
  • And thousands more

If a plugin registers REST API endpoints, you can manage them with Pro.

Can I use this with a caching plugin?

Yes! Endpoint Manager Pro works with all major caching plugins:

  • WP Rocket
  • W3 Total Cache
  • WP Super Cache
  • LiteSpeed Cache
  • Cloudflare

Note: After enabling/disabling endpoints, clear your cache to see changes take effect immediately.

Is my data sent anywhere? Does this plugin collect personal data?

License Verification Only (Pro):

  • Your license key and domain are sent to our license server for validation
  • This happens once per activation and daily for license checks
  • No user data, content, or logs are ever transmitted

No External Connections (Free):

  • The free version never connects to external servers
  • All data stays on your WordPress installation

Local Data Storage:

  • All security logs are stored in your WordPress database — nothing is sent to external servers
  • The plugin does not track user behavior, collect personal information, or insert tracking scripts
  • You have full control and ownership of all your data

Will this protect me from all API attacks? Does it replace a security plugin?

Endpoint Manager Pro significantly reduces your attack surface by:

  • Disabling unnecessary endpoints
  • Logging suspicious activity
  • Providing visibility into API access

However, it is specialized for API security and does not replace a comprehensive security plugin. A plugin like Wordfence provides firewall, malware scanning, login protection, and file integrity monitoring.

Use Endpoint Manager Pro alongside a security plugin for best protection. We also recommend:

  • Keeping WordPress and plugins updated
  • Using strong passwords and 2FA
  • Regular backups
  • HTTPS/SSL certificate

Does this work with headless WordPress?

Yes! Endpoint Manager Pro is essential for headless WordPress setups where you need to:

  • Expose only necessary endpoints to your frontend
  • Secure sensitive data endpoints
  • Monitor API access
  • Optimize performance by blocking unused endpoints

Many headless WordPress developers use Endpoint Manager Pro.

Can I use this with the WordPress Block Editor (Gutenberg)?

Yes. The plugin is fully compatible with Gutenberg. Be careful not to disable core endpoints that Gutenberg relies on, such as:

  • /wp/v2/posts
  • /wp/v2/pages
  • /wp/v2/blocks
  • /wp/v2/media

The Preview feature (Pro) helps you test before disabling.

Does this affect REST API authentication?

No. Endpoint Manager Pro controls **which endpoints are accessible**, not **who can access them**. Authentication is handled separately by WordPress and plugins like Application Passwords or OAuth.

You can use both:

  • Endpoint Manager Pro to control endpoint availability
  • Authentication plugins to control access permissions

How are endpoints stored in the database?

Endpoint settings are stored as WordPress options:

  • Enabled/disabled state per endpoint
  • Security logs in a custom database table
  • License information (encrypted)

All data is stored locally in your WordPress database.

How do I get support?

  • Free Version:
    • Community support forum on WordPress.org
    • Documentation and FAQ (this document)
  • Personal Plan:
    • Email support
    • 48-hour response time during business days
    • Access to knowledge base
  • Freelancer Plan:
    • Priority email support
    • 24-hour response time
    • Access to knowledge base
    • Feature requests considered
  • Agency Plan:
    • Priority email support
    • 12-hour response time (including weekends)
    • Access to knowledge base
    • Priority feature requests
    • Direct developer access for complex issues

How do I contact support?

Email: support@wpbuoy.com
Documentation: http://wpbuoy.com/docs
License Issues: http://wpbuoy.com/my-account/licenses

Include in your support request:

  • License key (if Pro user)
  • WordPress version
  • PHP version
  • Description of the issue
  • Steps to reproduce
  • Screenshots (if applicable)

How often is the plugin updated?

  • Security updates: Released immediately when needed
  • Bug fixes: Released as needed (usually monthly)
  • Feature updates: Quarterly releases
  • Compatibility updates: When new WordPress versions release

All updates are free for active license holders.

Where can I find the changelog?

The full changelog is available:

  • In the plugin directory: CHANGELOG.md
  • On the WordPress.org plugin page
  • In your account dashboard (for Pro users)

Can I request features?

Yes! We welcome feature requests:

  • Free Users: Submit via WordPress.org forum
  • Pro Users: Email support with detailed request
  • Agency Users: Priority consideration for requests

Popular requests are added to the roadmap and announced via email.

Will the plugin work with future WordPress versions?

Yes. We commit to:

  • Testing with WordPress beta releases
  • Updating before major WordPress releases
  • Maintaining backward compatibility
  • Supporting the latest 3 major WordPress versions

How do I report a bug?

Security Issues: Email security@wpbuoy.com (do not post publicly)

Other Bugs:

  1. Check if it’s already fixed in the latest version
  2. Disable other plugins to rule out conflicts
  3. Test with a default WordPress theme
  4. Submit detailed report with:
    • Steps to reproduce
    • Expected vs actual behavior
    • Error messages
    • System information

We aim to fix critical bugs within 48 hours.

What does "Pro Features Paused" mean in the admin dashboard?

If your license is inactive or expired, the Pro Features widget changes to a “Pro Features Paused” notice. Your endpoints continue to function, but Pro-only features (such as security logging, dynamic endpoints, and bulk actions) are paused until you reactivate or renew your license.