=== Pinny's Rest Lock ===
Contributors: realpinny
Requires at least: 5.0
Tested up to: 6.9
Requires PHP: 7.0
Stable tag: 1.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Prevents public access to REST API user endpoints while allowing authorized roles.
== Description ==

Pinny’s REST User Guard prevents public access to WordPress REST API user endpoints while preserving normal site functionality for authorized users.

By default, WordPress exposes /wp-json/wp/v2/users and related endpoints, which can be used for user enumeration on public sites. This plugin restricts those endpoints so they are only accessible to users with appropriate permissions, returning a proper 403 Forbidden response to unauthorized requests.

The plugin is lightweight, does not modify core files, and relies on WordPress’s native REST authentication flow to ensure compatibility with the block editor, admin tools, and third-party plugins.


== Changelog ==

= 1.0.0 =
* Initial release