Issue Overview
A site admin noticed a security alert from the miniOrange plugin:
“Alert: 2390 unrestricted APIs accessed. Each one could be an open door to vulnerabilities…”
Despite the alarming tone, there were no signs of suspicious activity or vulnerabilities on the site.
Our Findings
Alert Context
The alert was part of miniOrange’s upsell strategy—aimed at promoting premium features rather than flagging actual risk.
Secure Endpoints
All custom REST APIs were protected. Only internal miniOrange endpoints remained open, which is expected for plugin functionality.
️ No Data at Risk
No sensitive or public-facing data was exposed. No unusual traffic or breach indicators were detected.
✅ Safe to Ignore
Freshy confirmed that the current configuration was secure, and the alert did not require action unless the client wanted premium features.
Outcome
The warning was classified as non-critical and marketing-driven. No plugin changes were necessary, and REST API access remained secure as configured.
Unsure About Plugin Warnings?
At Integriti Studio, we separate real threats from exaggerated alerts. Let us review your WordPress setup and lock down what actually matters.
Get a Security Audit →
Leave a Reply