Deskripsyon
Every headless WordPress project requires the same setup: expose ACF fields to the REST API, configure CORS headers for your JavaScript frontend, and register a contact form endpoint.
HWConnector Lite moves all of that out of functions.php and into a clean, tabbed admin settings page.
Features
REST API Tab
* Expose ACF custom fields for post, page, and one Custom Post Type to the WordPress REST API
* No PHP required — configure through the admin dashboard
CORS Tab
* Add one allowed frontend origin (Next.js, Astro, Nuxt, etc.) through a simple field
* Correct headers sent for GET, POST, and OPTIONS (preflight) requests
* Origin-matched headers — only the requesting origin is echoed back
Endpoints Tab
* POST /wp-json/site/v1/contact — accepts name, email, message and forwards to your admin email
* Configurable namespace and send-to email
Security Tab
* Disable XML-RPC with one toggle (default: ON)
* Hide WordPress version from page source and RSS (default: ON)
Pro Version
HWConnector Pro unlocks:
- Unlimited CORS origins
- Unlimited Custom Post Types in the REST API
- Newsletter endpoint —
POST /wp-json/site/v1/newsletterwith FluentCRM integration
Who it’s for
Developers building headless WordPress sites with Next.js, Astro, Nuxt, SvelteKit, or any other JavaScript frontend who want a clean, reusable setup instead of copying functions.php boilerplate on every project.
Requirements
- WordPress 5.8+
- PHP 7.4+
- ACF (Advanced Custom Fields) — optional, required only for the REST API tab
Pag-install
- Upload the
headless-wp-connector-litefolder to/wp-content/plugins/ - Activate the plugin via the Plugins menu
- Go to Settings Headless Connector in your WordPress admin
- Configure each tab and save
FAQ
-
Does this work with WordPress.com?
-
No. This plugin requires self-hosted WordPress (wordpress.org).
-
Do I need ACF installed?
-
Only for the REST API feature. CORS, the contact endpoint, and security work independently.
-
The contact form endpoint isn’t sending emails. What should I check?
-
WordPress uses
wp_mail()which relies on your server’s mail configuration. On most shared hosts it works out of the box. If not, install an SMTP plugin like WP Mail SMTP and configure it with your mail provider. -
CORS headers aren’t being sent. What should I check?
-
- Confirm the origin is listed exactly as the browser sends it — including
http://orhttps://, no trailing slash - Check that no other plugin is adding conflicting
Access-Control-Allow-Originheaders
- Confirm the origin is listed exactly as the browser sends it — including
-
Endpoints return 404.
-
Go to Settings Permalinks and click Save Changes to flush WordPress rewrite rules.
-
Do I need to know PHP?
-
No. The plugin handles all the PHP. You configure everything through the admin dashboard.
Mga Review
Wala pang reviews para sa plugin na ito.
Mga Contributor at Developer
Ang “HWConnector Lite – Headless REST API & CORS” ay open source software. Ang mga sumusunod na tao ay nag-ambag sa plugin na ito.
Mga Contributor
Isalin ang “HWConnector Lite – Headless REST API & CORS” sa iyong wika.
Interesado sa development?
Tingnan ang code, i-check ang SVN repository, o mag-subscribe sa development log sa pamamagitan ng RSS.
Changelog
1.0.1
- Renamed plugin to remove trademark term from display name and slug
- Updated all function, class, constant, and option prefixes to meet WordPress.org guidelines (hwclite_)
- Added self as contributor to readme
- Security: added transient-based rate limiting on the contact endpoint (max 5 per IP per 10 minutes)
- Security: added input length validation on name (max 100 chars) and message (min 10, max 2000 chars)
- Security: added honeypot field to reject automated bot submissions
- Security: added explicit CRLF stripping on Reply-To header values as defence-in-depth
1.0.0
- Initial release