REST stands for Representational State Transfer. It is a stateless client-server protocol that is mostly used over HTTP. REST is a standard protocol used across the web and is not specific to WordPress. The WordPress REST API therefore makes your WordPress website available as a web service. This means that other websites, mobile applications, desktop/server software, and other components can retrieve data from your WordPress website programmatically and automatically, without needing to access the website from a browser.
By default, everyone can anonymously query the WordPress API running on your WordPress website to retrieve information that is already publicly available, such as posts, pages, media files, etc.
To retrieve information from a website, hackers send a particular HTTP GET request that the REST API readily understands. Let us look at an example: in the image below, an HTTP GET query is sent to a test website running on the test server.
The response lists all the users registered with this site, and this can in turn lead to brute-force and dictionary attacks.
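A log-based check for the pattern described above (a user listing followed by repeated login attempts), as an added example that is not from the original article or the plugin. It assumes a web server access log in Combined Log Format and WordPress core's `/wp/v2/users` REST route, neither of which the article names; the sample lines and the threshold are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
USERS_ROUTE = "/wp/v2/users"  # WordPress core route (assumption: not named on the page)

def rest_route(target):
    """Return the REST route a request target addresses, or None."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    if "/wp-json/" in path:  # pretty permalinks: /wp-json/<route>
        return "/" + path.split("/wp-json/", 1)[1].rstrip("/")
    route = parse_qs(parts.query).get("rest_route")  # plain: ?rest_route=<route>
    return route[0].rstrip("/") if route else None

def analyse(lines, login_threshold=3):
    """Map client IP -> findings for clients that received a user listing."""
    listed = set()             # clients that got a 200 from the users route
    logins = defaultdict(int)  # login POSTs seen after the listing, per client
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected log format
        ip, method, target, status = m.groups()
        route = rest_route(target) or ""
        if method == "GET" and status == "200" and (
                route == USERS_ROUTE or route.startswith(USERS_ROUTE + "/")):
            listed.add(ip)
        elif (method == "POST" and ip in listed
              and urlsplit(target).path.endswith("/wp-login.php")):
            logins[ip] += 1
    return {ip: {"login_posts": logins[ip],
                 "suspect": logins[ip] >= login_threshold} for ip in listed}

T = "[10/Mar/2024:10:00:00 +0000]"  # constructed timestamp
SAMPLE_LOG = [  # constructed lines using documentation-only addresses
    f'203.0.113.7 - - {T} "GET /wp-json/wp/v2/users HTTP/1.1" 200 512 "-" "-"',
    f'203.0.113.7 - - {T} "POST /wp-login.php HTTP/1.1" 200 1800 "-" "-"',
    f'203.0.113.7 - - {T} "POST /wp-login.php HTTP/1.1" 200 1800 "-" "-"',
    f'203.0.113.7 - - {T} "POST /wp-login.php HTTP/1.1" 200 1800 "-" "-"',
    f'198.51.100.4 - - {T} "GET /?rest_route=%2Fwp%2Fv2%2Fusers%2F1 HTTP/1.1" 200 300 "-" "-"',
    f'192.0.2.9 - - {T} "GET /wp-json/wp/v2/users HTTP/1.1" 401 120 "-" "-"',
    f'192.0.2.9 - - {T} "GET /wp-json/wp/v2/posts HTTP/1.1" 200 9000 "-" "-"',
]

if __name__ == "__main__":
    for ip, finding in sorted(analyse(SAMPLE_LOG).items()):
        print(ip, finding)
```

An access log does not show whether a request was authenticated, so a logged-in administrator using the dashboard can also appear in the output; treat each hit as a lead to review.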
To prevent these attacks without disabling the REST API, you can use our simple plugin, which takes no time to set up and prevents these attacks painlessly.
SETTING UP - Google Authenticator
So, with a simple four-step process, you can make your site safer and hack-proof. Make sure to visit the rest of the guides to find out more about the capabilities of our plugin.
Happy Defending.