Disable WP REST API
Disables the WP REST API for visitors not logged into WordPress.
Overview
Compatibility
Installation instructions
Customer support & learning resources
Changelog
Main benefits
Disables REST API
No configuration required
Super lightweight and fast
Improves user privacy
Plug-and-play solution
About this plugin
Author: Jeff Starr
Categories: Integration and APIs
Version: 2.6.3
Last updated: 20-06-2024
WordPress version: 4.6
Tested up to: 6.6
PHP version required: 5.6.20
Languages: Italiano, 繁體中文
Tags:
Learning resources: View resources
Overview
The "Disable WP REST API" plugin is designed to secure your WordPress site by disabling the WP REST API for users who are not logged in. This lightweight and efficient solution requires no configuration and consists of only 22 short lines of code, making it incredibly fast and effective. Key features include disabling the REST/JSON API for non-logged-in visitors, removing REST headers from HTTP responses, and eliminating REST links in HTML headers. For WordPress versions 4.7 and above, the plugin restricts the WP REST API functionality to authenticated users, returning a customizable error message for logged-out attempts. In older WordPress versions, it disables the REST API entirely. Developed by Jeff Starr, this plugin enhances user privacy by preventing unauthorized access to potentially sensitive information without collecting any user data. Jeff Starr also offers additional support through donations, book purchases, or investing in his premium WordPress plugins.
Disables WP REST API for Non-Logged-In Users
- Prevents abuse of your site’s REST/JSON API by unauthorized users.
- Ensures that only authenticated users can access the REST API.
- Provides a simple message to unauthorized users attempting to access the API.
Lightweight and Fast
- Works with only 22 short lines of code.
- Less than 2KB in size, making it super lightweight.
- No impact on site performance due to its minimal codebase.
Plug-and-Play Solution
- No configuration required; works out of the box.
- 100% set-it-and-forget solution.
- Automatically disables REST API for non-logged-in users.
Enhanced Privacy
- Does not collect or store any user data.
- Does not set any cookies or connect to third-party locations.
- Improves user privacy by protecting sensitive information from being accessed via REST API.
Rating and reviews
wildstar2022
06 May, 2024
I’ve tried many different solutions using functions.php because I did not want to install yet another plugin.
I’m glad I found this one though. It’s simple, lightweight, maintains privacy, and functions with the latest version of WordPress.
Thanks Jeff!
Hendrik57
24 Jul, 2023
As the title says: Blocks Contact Form 7 forms sending after install and activate.
This topic was modified 1 year, 5 months ago by Hendrik57.
metaeditor
29 Mar, 2023
In generel a Good security concept .
But at the other end many plugin developer use the Rest API
Could be done much easier with a 5 3 line htaccess rule to block only ^.*wp-json/wp/v2/(users
But anyway a good solution if you have a simpel installation.
tinaponting
06 Nov, 2022
Easy and protects my blog, without taking power of my blog:)
This topic was modified 1 year, 8 months ago by tinaponting. Reason: rest api
7 Mysteries
26 Sep, 2022
Really simplified
