Title: Headless REST API Security
Author: Md. Rakib Ullah
Published: <strong>20 ژانویه 2026</strong>
Last modified: 22 فوریه 2026

---

جستجوی افزونه‌ها

![](https://ps.w.org/headless-rest-api-security/assets/banner-772x250.png?rev=3443475)

![](https://ps.w.org/headless-rest-api-security/assets/icon-256x256.png?rev=3443475)

# Headless REST API Security

 توسط [Md. Rakib Ullah](https://profiles.wordpress.org/rakib417/)

[دانلود](https://downloads.wordpress.org/plugin/headless-rest-api-security.2.3.zip)

 * [جزئیات](https://fa.wordpress.org/plugins/headless-rest-api-security/#description)
 * [نقد و بررسی‌ها](https://fa.wordpress.org/plugins/headless-rest-api-security/#reviews)
 *  [نصب](https://fa.wordpress.org/plugins/headless-rest-api-security/#installation)
 * [توسعه](https://fa.wordpress.org/plugins/headless-rest-api-security/#developers)

 [پشتیبانی](https://wordpress.org/support/plugin/headless-rest-api-security/)

## توضیحات

Running a Headless WordPress site often involves exposing the REST API. Headless
REST API Security provides tools for administrators to control which endpoints are
accessible to the public or external applications.

This plugin restricts public access to REST API endpoints by default and offers 
a settings interface to allow-list only the specific routes required by a frontend
application (such as Next.js, Gatsby, or mobile apps).

### Features

 * **Access Control:** Restrict default public access to REST API endpoints.
 * **Route Allow-Listing:** Specific API routes (e.g., `/wp/v2/posts`) can be enabled
   while others remain restricted.
 * **API Key Authentication:** Supports an `X-API-KEY` header for server-to-server
   or frontend requests.
 * **Headless Redirect:** Option to redirect users accessing the backend API URL
   to a specified frontend domain.
 * **Admin Access:** Logged-in Administrators and Editors retain access to the API
   to support the Block Editor (Gutenberg) functionality.
 * **Plugin Support:** Detects routes registered by third-party plugins for configuration.

### Usage

 1. Navigate to **Settings > Headless Security** in the WordPress dashboard.
 2. Enable the **Master Switch** to activate the access restrictions.
 3. Review the list of REST API routes and check the **Allow** box for endpoints the
    application requires.
 4. Copy the generated **API Key** for use in application headers.
 5. (Optional) Enter a **Headless Frontend URL** to configure redirects for visitors.

## عکس‌های صفحه

[⌊General Settings: The main configuration screen with the Master Switch and Redirect
URL options.⌉⌊General Settings: The main configuration screen with the Master Switch
and Redirect URL options.⌉[

**General Settings:** The main configuration screen with the Master Switch and Redirect
URL options.

[⌊Route Manager: The grid view for allowing or restricting specific API namespaces
and endpoints.⌉⌊Route Manager: The grid view for allowing or restricting specific
API namespaces and endpoints.⌉[

**Route Manager:** The grid view for allowing or restricting specific API namespaces
and endpoints.

## نصب

 1. Upload the plugin files to the `/wp-content/plugins/headless-rest-api-security`
    directory, or install the plugin through the WordPress plugins screen.
 2. Activate the plugin through the ‘Plugins’ screen in WordPress.
 3. Go to the **Headless Security** menu to configure allowed routes.

## سوالات متداول

### Does this modify WordPress Core files?

No. The plugin uses standard WordPress hooks (`rest_authentication_errors` and `
template_redirect`) to manage access.

### Will this affect the Block Editor (Gutenberg)?

The plugin checks for logged-in users with the `edit_posts` capability, allowing
the backend editor to function normally while restrictions are active.

### Can I use this with custom endpoints?

Yes. Registered REST API routes appear in the settings list and can be allow-listed.

### Where is the API Key placed?

The key is sent in the request header. Example:
 X-API-KEY: your_generated_key_here

## نقد و بررسی‌ها

![](https://secure.gravatar.com/avatar/7c3aa29708077177e413cb6a017a52eb7cc621f92a76d30baff0de2402572e8c?
s=60&d=retro&r=g)

### 󠀁[Best Plugin for Securing Headless WordPress](https://wordpress.org/support/topic/best-plugin-for-securing-headless-wordpress/)󠁿

 [Ridhwan Ahsan](https://profiles.wordpress.org/ridhwanahsann/) 16 فوریه 2026 1 
پاسخ

Excellent plugin! Secures my headless WordPress API quickly and easily. Works perfectly
with Next.js and mobile apps

![](https://secure.gravatar.com/avatar/4b21d167926badc780294bc91dc19bddc3ad39e36a1c0423df9c7f39c29b335b?
s=60&d=retro&r=g)

### 󠀁[Easy to use and secure](https://wordpress.org/support/topic/easy-to-use-and-secure/)󠁿

 [Ashikjs](https://profiles.wordpress.org/mostofa55688/) 4 فوریه 2026 1 پاسخ

Great plugin. Simple setup, easy to use, and it effectively secures my site’s REST
API. Highly recommend.

 [ خواندن تمامی 1 نقد و بررسی‌ ](https://wordpress.org/support/plugin/headless-rest-api-security/reviews/)

## توسعه دهندگان و همکاران

“Headless REST API Security” نرم افزار متن باز است. افراد زیر در این افزونه مشارکت
کرده‌اند.

مشارکت کنندگان

 *   [ Md. Rakib Ullah ](https://profiles.wordpress.org/rakib417/)

[ترجمه “Headless REST API Security” به زبان شما.](https://translate.wordpress.org/projects/wp-plugins/headless-rest-api-security)

### علاقه‌ مند به توسعه هستید؟

[کد را مرور کنید](https://plugins.trac.wordpress.org/browser/headless-rest-api-security/)،
[مخزن SVN](https://plugins.svn.wordpress.org/headless-rest-api-security/) را بررسی
کنید، یا از طریق [RSS](https://plugins.trac.wordpress.org/log/headless-rest-api-security/?limit=100&mode=stop_on_copy&format=rss)
در [گزارش توسعه](https://plugins.trac.wordpress.org/log/headless-rest-api-security/)
مشترک شوید.

## گزارش تغییرات

#### 2.3

 * Fix: Resolved a critical error on the settings page caused by third-party plugin
   conflicts with REST API initialization.
 * Fix: Resolved stable tag and version mismatch issues for WordPress.org compliance.

#### 2.2

 * Updated UI styles for better accessibility.
 * Improved checkbox contrast.

#### 2.1

 * Minor code improvements.

#### 2.0

 * Added route allow-listing functionality.
 * Added headless frontend redirect feature.
 * Added admin bypass for authenticated users.

#### 1.0

 * Initial release.

## اطلاعات

 *  نگارش **2.2**
 *  آخرین به‌روزرسانی **5 ماه پیش**
 *  نصب‌های فعال **30+**
 *  نگارش وردپرس ** 5.8 یا بالاتر **
 *  آزمایش‌شده تا **6.9.4**
 *  نگارش PHP ** 7.4 یا بالاتر **
 *  زبان
 * [English (US)](https://wordpress.org/plugins/headless-rest-api-security/)
 * برچسب
 * [access-control](https://fa.wordpress.org/plugins/tags/access-control/)[authentication](https://fa.wordpress.org/plugins/tags/authentication/)
   [headless](https://fa.wordpress.org/plugins/tags/headless/)[permissions](https://fa.wordpress.org/plugins/tags/permissions/)
   [rest-api](https://fa.wordpress.org/plugins/tags/rest-api/)
 *  [نمایش پیشرفته](https://fa.wordpress.org/plugins/headless-rest-api-security/advanced/)

## امتیازها

 5 از 5 ستاره.

 *  [  امتیاز 2 5-ستاره     ](https://wordpress.org/support/plugin/headless-rest-api-security/reviews/?filter=5)
 *  [  امتیاز 0 4-ستاره     ](https://wordpress.org/support/plugin/headless-rest-api-security/reviews/?filter=4)
 *  [  امتیاز 0 3-ستاره     ](https://wordpress.org/support/plugin/headless-rest-api-security/reviews/?filter=3)
 *  [  امتیاز 0 2-ستاره     ](https://wordpress.org/support/plugin/headless-rest-api-security/reviews/?filter=2)
 *  [  امتیاز 0 1-ستاره     ](https://wordpress.org/support/plugin/headless-rest-api-security/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/headless-rest-api-security/reviews/#new-post)

[مشاهده همه بررسی‌ها](https://wordpress.org/support/plugin/headless-rest-api-security/reviews/)

## مشارکت کنندگان

 *   [ Md. Rakib Ullah ](https://profiles.wordpress.org/rakib417/)

## پشتیبانی

چیزی برای گفتن دارید؟ نیاز به کمک دارید؟

 [مشاهده انجمن پشتیبانی](https://wordpress.org/support/plugin/headless-rest-api-security/)