diff --git a/public_html/wp-content/plugins/wordcamp-coming-soon-page/classes/wordcamp-coming-soon-page.php b/public_html/wp-content/plugins/wordcamp-coming-soon-page/classes/wordcamp-coming-soon-page.php
index d63a5d07de..b19dbd808e 100644
--- a/public_html/wp-content/plugins/wordcamp-coming-soon-page/classes/wordcamp-coming-soon-page.php
+++ b/public_html/wp-content/plugins/wordcamp-coming-soon-page/classes/wordcamp-coming-soon-page.php
@@ -140,12 +140,15 @@ public function disable_rest_endpoints( $response, $handler, $request ) {
 		 * Jetpack endpoints are whitelisted because some of them are needed to connect sites to WordPress.com
 		 * while Coming Soon is still enabled.
 		 *
+		 * Safelist entries generally _should not_ include a version number, to insure forward-compatibly. They
+		 * _should_ include the directory markers and `v` prefix, though, to avoid false-positive matches.
+		 *
 		 * @todo This works, but there are some additional, unknown steps needed to allow connecting to WPCOM
 		 * via the REST API. This is being left here because it will be needed when/if Jetpack removes XMLRPC
 		 * support and uses the REST API exclusively for registration. If that happens, we'll need to figure
 		 * out what extra steps are needed.
 		 */
-		$safelisted_namespaces = array( '/jetpack/v' );
+		$safelisted_namespaces = apply_filters( 'wccs_safelisted_namespaces', array( '/jetpack/v' ) );
 
 		$safelisted = array_filter( $safelisted_namespaces, function( $namespace ) use ( $request ) {
 			return false !== strpos( $request->get_route(), $namespace );