It would be awesome if when I assign role based access to a page / post / custom post type, user role editor would remove those items from WordPress’s REST API, RSS Feeds, and Search results (Unless the user is the proper role).
Thanks for the good question.
1) REST API – protected content is not shown;
2) RSS feeds – It seems that some filters were missed. Protected content is available. I will work on a fix for this issue. Thanks again for paying my attention on the subject.
I made another test and discovered the mistake during previous test of RSS feed. I made that as logged-in user and checked access to the post allowed for logged-in users only. It’s content was hidden after I logged-out.
So I will add the missed filter for exceprt ‘the_excerpt_rss’ with the next update.