If you are using #WordPress you should know that the JSON REST API can reveal sensitive info about the site admins for everyone on the Internet such as login name and ID:

<your-blog.tld>/wp-json/wp/v2/users

The info can be used to prepare #bruteforce attacks.

You can turn this off with WordPress board tools: Open the functions.php of your theme and add a filter.

If you don't have a functions.php create one and add

<?php wp_head(); ?>

to your header.php file before the closing tag </head>.