[Defender] security is needed

If i type: /wp-json/wp/v2/users at the end of my website, all users are listed! Wordfence security has the ability to block for free – why this i am paying for :slight_smile:?? Supposedly this will end it: # WP REST API BLOCK JSON REQUESTS TO USERS & COMMENTS ROUTES

# Block/Forbid Requests to: /wp-json/wp/v2/users and wp-json/wp/v2/comments

# WP REST API REQUEST METHODS: GET, POST, PUT, PATCH, DELETE

RewriteCond %{REQUEST_METHOD} ^(GET|POST|PUT|PATCH|DELETE) [NC]

RewriteCond %{REQUEST_URI} ^.*wp-json/wp/v2/(users|comments) [NC]

RewriteRule ^(.*)$ – [F]

see here: https://onlinesynlighed.dk/blog/stort-sikkerhedshul-kan-se-dit-wordpress-brugernavn/