Did we say all pages? Yup, that’s right.
All Most of your posts, pages and users are exposed to the public with this API. That includes pages that have no public links to them and pages that are not available in any menus on your website.
So some of the WP devs here at Earth People got curious about the API and what exposed stuff we could find on those websites on the internet that had updated to 4.7. We figured that an easy way to test this was to create a Google Chrome extension.
Hello there WP Content Discovery Chrome Extension
So we made the the extension and we called it WP Content Discovery.
Here’s how it works:
It adds an icon to your chrome toolbar. By default it only displays the letter “w” as in WordPress. When you visit a WordPress powered website and it detects the API is lightens up and displays “API” in blue.
Now the fun starts: click the icon to get get a list of pages, posts and users on that website!
Here is an example from the website of admin activity logger Simple History:
Please try the extension. And please let us know what you think here in the comments!
One last thing… the API may freak some people out…
Even if all the data that you can get publicly from the REST API is already available somewhere in WordPress, it does freak some people out that it actually is possible to get the content so easily.
It is however pretty easy to disable the API if you find it to scary.