Title: REST API restriction Last modified: December 3, 2019 --- # REST API restriction * [champdor](https://wordpress.org/support/users/champdor/) * (@champdor) * [6 years, 6 months ago](https://wordpress.org/support/topic/rest-api-restriction-2/) * There is an increasing number of requests on my side that webshop customers cannot load the site because of itsec_rest_api_access_restricted status 401. * Now I understand the importance of REST API restriction but there is no info in plain English what it has to do with female customers opening a homepage eg. from a facebook link. * This particular customer is blocked for days but she wants to buy products and is important to my client as you can guess. * Please advise: 1. If she clears cookies of the site may it resolve the problem? Or it has nothing to do with it? 2. Is it a real security liability if I set REST API access to default? Will it solve the problem? 3. Really what can cause this problem? I will ask her to write the time of attempts to look up in the sec.logs. * Best regards, Champdor * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Frest-api-restriction-2%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 3 replies - 1 through 3 (of 3 total) * [beardedginger](https://wordpress.org/support/users/beardedginger/) * (@beardedginger) * [6 years, 6 months ago](https://wordpress.org/support/topic/rest-api-restriction-2/#post-12202158) * Hi, * Will you please try disabling the following features to see if it helps? * Hackrepair Blacklist Feature (Security> Settings> Banned Users) * Filter Long URL Strings (Security> Settings> System Tweaks) * Filter Suspicious Query Strings in the URL (Security> Settings> System Tweaks) * Filter Non-English Characters (Security> Settings> System Tweaks) * You may also try enabling XML-RPC and allowing Full Access to the REST API. ( Security> Settings> WordPress Tweaks> XML-RPC) * Thanks, * Matt * Thread Starter [champdor](https://wordpress.org/support/users/champdor/) * (@champdor) * [6 years, 6 months ago](https://wordpress.org/support/topic/rest-api-restriction-2/#post-12204008) * I turned off Hackrepair and Long URLs, Suspicious and Non-English was turned off already. * Waiting for the next complaint 🙁 * Thank you for your suggestions! * Regards, Champdor * Thread Starter [champdor](https://wordpress.org/support/users/champdor/) * (@champdor) * [6 years, 6 months ago](https://wordpress.org/support/topic/rest-api-restriction-2/#post-12222277) * Anorher use case for REST API restriction 401: I use non-www domains with SSL. But more than one site I maintain throws error when I open them with www. Examples: – [https://suziartbag.hu](https://suziartbag.hu) – works – [http://www.suziartbag.hu](http://www.suziartbag.hu)– throws error * Same with szuno.com * Why redirection does not work here? Or why ITSEC thinks these are REST API calls? Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘REST API restriction’ is closed to new replies. * ![](https://ps.w.org/better-wp-security/assets/icon.svg?rev=3529351) * [Kadence Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/) * [Frequently Asked Questions](https://wordpress.org/plugins/better-wp-security/#faq) * [Support Threads](https://wordpress.org/support/plugin/better-wp-security/) * [Active Topics](https://wordpress.org/support/plugin/better-wp-security/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/better-wp-security/unresolved/) * [Reviews](https://wordpress.org/support/plugin/better-wp-security/reviews/) * 3 replies * 2 participants * Last reply from: [champdor](https://wordpress.org/support/users/champdor/) * Last activity: [6 years, 6 months ago](https://wordpress.org/support/topic/rest-api-restriction-2/#post-12222277) * Status: not resolved