Hey @deeveearr,
Developer of the WordPress Popular Posts plugin here!
I’m not familiar with the Shield plugin but its description page says this:
Security firewall for the REST API – block anonymous requests
If I had to guess, it sounds like Shield may be blocking REST API requests (loading popular posts lists, tracking views, etc.) coming from non-logged in users. You might want to check that.
Maybe there’s a setting or some way to whitelist specific REST API endpoints?
Hiys @hcabrera
I’ll have a quick rummage around and let you know.
Hey @hcabrera ,
I disabled Shields’ ‘blocking API requests’ about an hour ago, and the Popular Posts Plugin seems to be working fine again now.
Thanks for the help!
Plugin Support
Jelena
(@jmisic)
Hi @deeveearr, I’m really glad to hear you managed to get everything working again.
And huge thanks to @hcabrera for pointing you in exactly the right direction. 🙂
Just to add a little extra context: Shield’s “Anonymous REST API” setting is designed to block unauthenticated requests to the REST API. This can be a great security measure, but as you’ve seen, it can also block legitimate plugins (like WordPress Popular Posts) that rely on those requests.
That’s why we also provide an exclusions option — this lets you whitelist specific API endpoints so your important plugins can keep working smoothly, while still keeping the rest of your site locked down.
So, you’ve got 2 easy ways forward here:
- Keep the option disabled — which is perfectly fine if you don’t need that particular protection.
- Use the ‘Rest API Exclusions’ list — this lets you re-enable the option, but still allow anonymous access for the specific API endpoints used by plugins like Popular Posts. That way you keep the protection in place for everything else.
Either approach works, so it’s really down to what feels best for your setup.
Thanks again to you both, awesome teamwork!
Jelena
