Support » Plugin: Wordfence Security - Firewall & Malware Scan » This plugin closed my Rest API!!!

  • This plugin closed my Rest API!!! Woke up to a bunch of email complaints from customers because of this plugin. Ruined my reputation!!! Beware if your site is using the Rest API do not use this plugin!!!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author WFSupport


    Wordfence doesn’t close or block the REST API. It’s not a feature we offer. I would advise looking at other security plugins on the site or your hosting or cloud provider that sometimes offer that functionality.


    Thread Starter wpzeitz2002


    You know your plugin did it Tim. We both know your plugin did it. I fixed the issue right away after I woke up but the damage has been done.

    Your plugin modified my htaccess, we all know your plugin does this.

    I have read a few other topics saying your plugin modifies htaccess but you guys keep on denying it.

    Plugin Author WFSupport


    There is no feature in Wordfence that blocks the REST API. That’s how our free Central Management tool Wordfence Central connects to sites so blocking it would break the functionality we rely on to provide that tool which wouldn’t make sense. However, if you are positive that Wordfence does block the REST API, please point out the setting that does so. Or show me what you see that shows you we block the REST API. I’ll be happy to help either figure out what might be blocking it, or help unblock you in Wordfence if you are mistakenly saying “REST API” when you mean something else. However, if you are just going to continue throwing vague accusations and insinuations I won’t be able to do anything to assist.

    Also there are very limited Wordfence options that write to the .htaccess file. Hiding a configuration file like .user.ini or a log file would be one. Adding the code for the firewall location happens in some instances is another. Wer try not to write to the .htaccess file because it’s not really efficient, and if an automated process writes to the .htaccess file and breaks while it is doing so it could take down the site. I believe BPS puts most all of it’s code there and there may be a few others that do (maybe iThemes?). Wordfence, for the most part, does not.


    I’m using Wordfence for more than 10 years in my websites. And I’m using REST API. Had no problems with Wordfence within all these years. Just sayin.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this review.