Title: Headless REST API Security Author: Md. Rakib Ullah Published: 2026 年 1 月 20 日 Last modified: 2026 年 2 月 22 日 --- 搜索插件 ![](https://ps.w.org/headless-rest-api-security/assets/banner-772x250.png?rev=3443475) ![](https://ps.w.org/headless-rest-api-security/assets/icon-256x256.png?rev=3443475) # Headless REST API Security 作者:[Md. Rakib Ullah](https://profiles.wordpress.org/rakib417/) [下载](https://downloads.wordpress.org/plugin/headless-rest-api-security.2.3.zip) * [详情](https://cn.wordpress.org/plugins/headless-rest-api-security/#description) * [评价](https://cn.wordpress.org/plugins/headless-rest-api-security/#reviews) * [安装](https://cn.wordpress.org/plugins/headless-rest-api-security/#installation) * [开发进展](https://cn.wordpress.org/plugins/headless-rest-api-security/#developers) [支持](https://wordpress.org/support/plugin/headless-rest-api-security/) ## 描述 Running a Headless WordPress site often involves exposing the REST API. Headless REST API Security provides tools for administrators to control which endpoints are accessible to the public or external applications. This plugin restricts public access to REST API endpoints by default and offers a settings interface to allow-list only the specific routes required by a frontend application (such as Next.js, Gatsby, or mobile apps). ### Features * **Access Control:** Restrict default public access to REST API endpoints. * **Route Allow-Listing:** Specific API routes (e.g., `/wp/v2/posts`) can be enabled while others remain restricted. * **API Key Authentication:** Supports an `X-API-KEY` header for server-to-server or frontend requests. * **Headless Redirect:** Option to redirect users accessing the backend API URL to a specified frontend domain. * **Admin Access:** Logged-in Administrators and Editors retain access to the API to support the Block Editor (Gutenberg) functionality. * **Plugin Support:** Detects routes registered by third-party plugins for configuration. ### Usage 1. Navigate to **Settings > Headless Security** in the WordPress dashboard. 2. Enable the **Master Switch** to activate the access restrictions. 3. Review the list of REST API routes and check the **Allow** box for endpoints the application requires. 4. Copy the generated **API Key** for use in application headers. 5. (Optional) Enter a **Headless Frontend URL** to configure redirects for visitors. ## 屏幕截图 * [[ * **General Settings:** The main configuration screen with the Master Switch and Redirect URL options. * [[ * **Route Manager:** The grid view for allowing or restricting specific API namespaces and endpoints. ## 安装 1. Upload the plugin files to the `/wp-content/plugins/headless-rest-api-security` directory, or install the plugin through the WordPress plugins screen. 2. Activate the plugin through the ‘Plugins’ screen in WordPress. 3. Go to the **Headless Security** menu to configure allowed routes. ## 常见问题 ### Does this modify WordPress Core files? No. The plugin uses standard WordPress hooks (`rest_authentication_errors` and ` template_redirect`) to manage access. ### Will this affect the Block Editor (Gutenberg)? The plugin checks for logged-in users with the `edit_posts` capability, allowing the backend editor to function normally while restrictions are active. ### Can I use this with custom endpoints? Yes. Registered REST API routes appear in the settings list and can be allow-listed. ### Where is the API Key placed? The key is sent in the request header. Example: X-API-KEY: your_generated_key_here ## 评价 ![](https://secure.gravatar.com/avatar/7c3aa29708077177e413cb6a017a52eb7cc621f92a76d30baff0de2402572e8c? s=60&d=retro&r=g) ### 󠀁[Best Plugin for Securing Headless WordPress](https://wordpress.org/support/topic/best-plugin-for-securing-headless-wordpress/)󠁿 [Ridhwan Ahsan](https://profiles.wordpress.org/ridhwanahsann/) 2026 年 2 月 16 日 1 回复 Excellent plugin! Secures my headless WordPress API quickly and easily. Works perfectly with Next.js and mobile apps ![](https://secure.gravatar.com/avatar/4b21d167926badc780294bc91dc19bddc3ad39e36a1c0423df9c7f39c29b335b? s=60&d=retro&r=g) ### 󠀁[Easy to use and secure](https://wordpress.org/support/topic/easy-to-use-and-secure/)󠁿 [Ashikjs](https://profiles.wordpress.org/mostofa55688/) 2026 年 2 月 4 日 1 回复 Great plugin. Simple setup, easy to use, and it effectively secures my site’s REST API. Highly recommend. [ 阅读所有1条评价 ](https://wordpress.org/support/plugin/headless-rest-api-security/reviews/) ## 贡献者及开发者 「Headless REST API Security」是开源软件。 以下人员对此插件做出了贡献。 贡献者 * [ Md. Rakib Ullah ](https://profiles.wordpress.org/rakib417/) [帮助将「Headless REST API Security」翻译成简体中文。](https://translate.wordpress.org/projects/wp-plugins/headless-rest-api-security) ### 对开发感兴趣吗? 您可以[浏览代码](https://plugins.trac.wordpress.org/browser/headless-rest-api-security/), 查看[SVN仓库](https://plugins.svn.wordpress.org/headless-rest-api-security/),或 通过[RSS](https://plugins.trac.wordpress.org/log/headless-rest-api-security/?limit=100&mode=stop_on_copy&format=rss) 订阅[开发日志](https://plugins.trac.wordpress.org/log/headless-rest-api-security/)。 ## 更新日志 #### 2.3 * Fix: Resolved a critical error on the settings page caused by third-party plugin conflicts with REST API initialization. * Fix: Resolved stable tag and version mismatch issues for WordPress.org compliance. #### 2.2 * Updated UI styles for better accessibility. * Improved checkbox contrast. #### 2.1 * Minor code improvements. #### 2.0 * Added route allow-listing functionality. * Added headless frontend redirect feature. * Added admin bypass for authenticated users. #### 1.0 * Initial release. ## 额外信息 * 版本 **2.2** * 最后更新:**3 月前** * 活跃安装数量 **20+** * WordPress 版本 ** 5.8 或更高版本 ** * 已测试的最高版本为 **6.9.4** * PHP 版本 ** 7.4 或更高版本 ** * 语言 * [English (US)](https://wordpress.org/plugins/headless-rest-api-security/) * 标签 * [access-control](https://cn.wordpress.org/plugins/tags/access-control/)[authentication](https://cn.wordpress.org/plugins/tags/authentication/) [headless](https://cn.wordpress.org/plugins/tags/headless/)[permissions](https://cn.wordpress.org/plugins/tags/permissions/) [rest-api](https://cn.wordpress.org/plugins/tags/rest-api/) * [高级视图](https://cn.wordpress.org/plugins/headless-rest-api-security/advanced/) ## 评级 5 星(最高 5 星)。 * [ 2 条 5 星评价 ](https://wordpress.org/support/plugin/headless-rest-api-security/reviews/?filter=5) * [ 0 条 4 星评价 ](https://wordpress.org/support/plugin/headless-rest-api-security/reviews/?filter=4) * [ 0 条 3 星评价 ](https://wordpress.org/support/plugin/headless-rest-api-security/reviews/?filter=3) * [ 0 条 2 星评价 ](https://wordpress.org/support/plugin/headless-rest-api-security/reviews/?filter=2) * [ 0 条 1 星评价 ](https://wordpress.org/support/plugin/headless-rest-api-security/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/headless-rest-api-security/reviews/#new-post) [查看全部评论](https://wordpress.org/support/plugin/headless-rest-api-security/reviews/) ## 贡献者 * [ Md. Rakib Ullah ](https://profiles.wordpress.org/rakib417/) ## 支持 有话要说吗?是否需要帮助? [查看支持论坛](https://wordpress.org/support/plugin/headless-rest-api-security/)