We’ve just launched our product – Limited lifetime offer ends 31st August

API Security

Get API Security

Our Story

Over a decade of unsecure API’s finally solved.

Over 40% of the internet are running websites with WordPress. 40% ‒ Most site owners may not even know that WordPress has a REST API to begin with, and those that do may not even use it or know how to disable it.

The WordPress REST API has been around for over a decade and for all that time. Not one plugin or even WordPress themselves have provided the security and privacy where it matters the most for the REST API.

That is a lot of sites essentially letting hackers, bots, spammers and scalpers to read data that you didn’t know you were even sharing out in the open.

So we felt it was about time a solution was made.

Introducing API Security!

API Security was built to make securing WordPress APIs simple, reliable, and production‑ready—out of the box.

Our Mission

Put practical security back into the hands of site owners and developers with smart defaults, minimal friction, and clear extensibility for the API.

How It Works

  • Zero‑config activation; protected in minutes.
  • Developer‑first filters and actions for full control.
  • Lightweight checks and cached lookups for performance.
  • Privacy‑aware by default.

Timeline of the WordPress REST API’s History

2013 – REST API starts as a plugin

  • Project started by Ryan McCue and Rachel Baker.
  • Released as the WP REST API plugin on WordPress.org.
  • Designed to provide a modern, JSON-based interface for WordPress.

2014 – Plugin adoption grows

  • Developers begin experimenting with building headless apps on top of WordPress.
  • API features expand: custom routes, authentication methods, and schema support.

December 8, 2015 – WordPress 4.4 (“Clifford”)

  • REST API infrastructure (routing, JSON responses, etc.) merged into core.
  • No content endpoints yet — still needed the REST API plugin for those.
  • This was mainly the “framework” for APIs inside WordPress.

December 6, 2016 – WordPress 4.7 (“Vaughan”)

  • Content endpoints for core WordPress objects (posts, pages, comments, users, terms, settings) merged into core.
  • Now you could make requests to /wp-json/wp/v2/ without installing any plugin.

2017–2018 – Widespread adoption & Gutenberg groundwork

  • REST API becomes critical for the Gutenberg editor project (introduced in WP 5.0).
  • Many third-party plugins start exposing their own endpoints.

2019+ – Headless WordPress movement

  • Surge in use for decoupled frontends (React, Vue, Next.js, etc.).
  • Authentication options like Application Passwords (WP 5.6 in Dec 2020) improve security for remote access.

The Team

Sébastien Dumont

Sébastien is the founder and one of the developers behind API Security.

Handles support and is usually your first contact. If he’s not working on solving your problems, he spends time vibe coding on another side projects using his deep technical knowledge to create other solutions.

Sasha

Sasha is the happy manager.

Her main job? Reminding me when it’s time to take a break walking over my keyboard.

If not in office she is taking long power naps.

Ready to shield up?

Activate API Security and give your WordPress site the API protection it deserves.

Get It Now!