This guide explains how to set up and configure the WordPress REST API on your Web60 website.
What is the WordPress REST API?
The WordPress REST API lets other websites and applications talk to your WordPress site. Think of it as a bridge that allows external systems to read your content, create posts, or manage users without directly accessing your WordPress dashboard.
Your Web60 site comes with the REST API already built into WordPress — you just need to configure it properly.
Step 1: Check if REST API is Working
First, test if your REST API is active:
- Open a web browser
- Type your website address followed by
/wp-json/wp/v2/posts - Example:
https://yourdomain.com/wp-json/wp/v2/posts - Press Enter
You should see a page with text that looks like code. This means your REST API is working. If you see an error message, continue to the next steps.
Step 2: Enable REST API Through WordPress Settings
Some plugins or settings might disable the REST API:
- Log into your WordPress admin dashboard
- Go to Settings > Permalinks
- Make sure "Post name" is selected (not "Plain")
- Click "Save Changes"
- Test the API URL again from Step 1
Step 3: Set Up Authentication (If Required)
If you need to create or edit content through the API, you'll need authentication. The simplest method is Application Passwords:
- In WordPress admin, go to Users > All Users
- Click "Edit" on your username
- Scroll down to "Application Passwords"
- Enter a name like "My App" in the "New Application Password Name" field
- Click "Add New Application Password"
- Copy the generated password immediately — you won't see it again
- Use your WordPress username and this password when connecting external applications
Step 4: Configure API Permissions
By default, anyone can read your public posts through the API. To change what's accessible:
- Install a security plugin like Wordfence (see our guide on setting up WordPress plugins)
- Look for REST API settings in the plugin
- Choose what data should be publicly accessible
- Save your changes
Step 5: Test Your API Setup
To verify everything works:
- Visit
https://yourdomain.com/wp-json/wp/v2/postsagain - You should see your published posts in a structured format
- Try
https://yourdomain.com/wp-json/wp/v2/pagesto see your pages - Visit
https://yourdomain.com/wp-json/wp/v2/usersto check user data access
If you're still stuck, contact Web60 support through your account portal. Include the specific error message you're seeing and what you're trying to achieve with the API.
FAQ
Q: Is the WordPress REST API automatically enabled on Web60?
A: Yes, the REST API is built into WordPress and enabled by default on all Web60 sites. You may need to configure authentication if you want to create or edit content through the API.
Q: Can I disable the REST API for security reasons?
A: Yes, you can disable it using a security plugin or by adding code to your theme. However, many modern WordPress features and plugins rely on the REST API to function properly.
Q: What can external applications do with my REST API?
A: By default, they can read your published posts and pages. With authentication, they can create, edit, or delete content depending on the user permissions you set up.
Q: Do I need technical knowledge to use the REST API?
A: To enable it, no. To build applications that use it, yes. Most business owners use the API to connect their WordPress site with other tools or services.
Q: Will enabling the REST API slow down my website?
A: No, enabling the REST API doesn't affect your website's loading speed for regular visitors. It only activates when external applications make API requests.
Q: Can I control what information is shared through the API?
A: Yes, you can use security plugins or custom code to restrict which posts, pages, or user information is accessible through the REST API.
Q: What's the difference between authentication methods?
A: Application Passwords are the simplest for most users. Other methods like JWT tokens or OAuth are more complex but offer additional security features for advanced applications.
Last updated: 1 March 2026