• Resolved Rudá Almeida

    (@rudaalmeida)


    Apparently, Wordfence’s rate limiting functionality ignores REST API requests.

    – Instantiate a new WP 4.8.2 instance of the default docker image
    – Install and activate Wordfence 6.3.19
    – Activate Wordfence’s rate limiting “If anyone’s requests exceed” -> 10 per minute -> block
    – Default theme, no plugins other than Wordfence
    – Open a new incognito window, visit the site’s home and refresh the window 11 times
    – Wordfence blocks the IP as expected

    – Unblock the IP
    – Open a new incognito window, visit [URL]/wp-json and refresh the window 11 times
    – Wordfence DOES NOT BLOCK THE IP.

Viewing 1 replies (of 1 total)
  • Hi Rudá,
    Currently, rate limiting rules aren’t applied to REST API requests; however, we have added your suggestion to our feature request list so our developers can investigate the possibility of implementing this feature in any of the upcoming releases.

    Thanks.
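
Because the plugin's rate limiting does not cover REST API requests, one way to keep visibility on that traffic is to apply the same "more than 10 per minute" rule to the web server's access log. The following is an added example, not part of the thread and not Wordfence code. It assumes a combined-format access log in chronological order and a site installed at the web root; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
LIMIT = 10                      # the thread's setting: act above 10 requests per minute
WINDOW = timedelta(minutes=1)

def is_rest_request(target):
    """True for /wp-json... and for the ?rest_route= form used without pretty permalinks."""
    parts = urlsplit(target)
    if parts.path == "/wp-json" or parts.path.startswith("/wp-json/"):
        return True
    return "rest_route" in parse_qs(parts.query, keep_blank_values=True)

def rest_rate_offenders(lines, limit=LIMIT, window=WINDOW):
    """Return {ip: peak REST requests in any sliding window} for IPs over the limit."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_rest_request(m.group(4)):
            continue              # unparsable line or not a REST API request
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()           # drop hits older than one minute
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > limit}

def _line(ip, second, target):
    return f'{ip} - - [10/Oct/2017:12:00:{second:02d} +0000] "GET {target} HTTP/1.1" 200 512'

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = (
    [_line("203.0.113.5", s, "/wp-json/") for s in range(11)]      # 11 REST hits in 11 s
    + [_line("198.51.100.7", s, "/") for s in range(11)]           # front page, not REST
    + [_line("192.0.2.9", s * 5, "/?rest_route=/wp/v2/posts") for s in range(10)]  # exactly 10
)

if __name__ == "__main__":
    print(rest_rate_offenders(SAMPLE_LOG))
```

Only the first address is reported: the second never touches the REST API, and the third reaches the limit without exceeding it.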

  • The topic ‘Rate limiting in the WP REST API’ is closed to new replies.