Endpoint Manager

See every REST API endpoint on your site. Disable the ones you don’t need. Monitor everything that gets blocked. Endpoint Manager gives you full visibility and control over your WordPress API — with advanced filtering, security logs, and CSV export built in.


Features

Everything you need to manage REST APIs effectively.

Rate Limiting

Set global and per-endpoint request thresholds to prevent API abuse. When a client exceeds the limit, requests are automatically blocked — and repeat offenders can be auto-added to the IP Block List. Fine-tune limits per route so critical endpoints stay responsive while high-traffic routes are kept in check.

IP Block List

Manually block suspicious IPs, auto-block repeat offenders that exceed rate limits, and allowlist trusted IPs that should bypass all rules. Add optional notes to each entry so your team knows why an IP was blocked. Manage everything from a single screen — no external firewall required.

Dynamic Endpoint Support

Test any endpoint without leaving the dashboard. Static routes open a preview URL instantly; dynamic routes open an interactive modal where you fill in each parameter — with smart defaults pulled from your actual content — before previewing the live response. Regex pattern matching identifies dynamic routes automatically so nothing slips through.

Security Logs with CSV Export

Every blocked request is automatically logged with IP address, user agent, and timestamp. Filter logs by search term, IP, endpoint, or date range to zero in on suspicious activity. Block offending IPs directly from the log with one click, or export the full dataset to CSV for audits and compliance reports.

Block Endpoints with Custom Response

Disable any REST API endpoint with a single toggle. Choose a custom HTTP response code and message so blocked requests return exactly what you want — whether that’s a 403 Forbidden, 404 Not Found, or a custom error. Blocked endpoints are counted per namespace so you always know how locked down each plugin’s API surface is.


Other Features

speed

Auto-Block on Rate Limit

When a client exceeds your request threshold, their IP is automatically added to the Block List. No manual intervention needed — abusive traffic is cut off the moment it crosses the line.

block

Auto-Block on Endpoint Hits

IPs that repeatedly hit disabled endpoints are flagged and auto-blocked. Catch bots and scanners probing your API surface before they find something exploitable.

gavel

Block IP from Security Logs

Spot a suspicious IP in your logs? Block it with one click — no need to switch screens or copy-paste addresses. Review the activity, then act on it immediately.

verified_user

IP Allowlist

Add trusted IPs that bypass all rate limits and block rules. Keep your own services, staging servers, and monitoring tools running without interruption — even when security rules are strict.

filter_list

Advanced Search & Filters

Filter endpoints by namespace, access status, route type, or HTTP method — and combine them with real-time search. Find any route instantly, even on sites with hundreds of registered endpoints.

auto_delete

Automatic Log Cleanup

Security logs are automatically pruned after 30 days via WP-Cron — no manual maintenance required. Your database stays lean without losing recent audit data.


Pricing

Choose the plan that fits your business.

Personal

1 website

$19/yr

Includes all PRO features + unlimited updates per year for 1 website.

Freelancer

10 websites

$39/yr

Includes all PRO features + unlimited updates per year for 10 websites.

Agency

Unlimited Websites

$69/yr

Includes all PRO features + unlimited updates per year for unlimited websites.


Knowledge Base

Browse our knowledge base for guides, feature walkthroughs, and answers to common questions.