Disable WP REST API
Disables the WP REST API for visitors not logged into WordPress.
Overview
Compatibility
Installation instructions
Customer support & learning resources
Changelog
Main benefits
Disables REST API
No configuration required
Super lightweight and fast
Improves user privacy
Plug-and-play solution
About this plugin
Author: Jeff Starr
Categories: Integration and APIs
Version: 2.6.3
Last updated: 20-06-2024
WordPress version: 4.6
Tested up to: 6.6
PHP version required: 5.6.20
Languages: Italiano, 繁體中文
Tags:
Learning resources: View resources
Overview
The "Disable WP REST API" plugin is designed to secure your WordPress site by disabling the WP REST API for users who are not logged in. This lightweight and efficient solution requires no configuration and consists of only 22 short lines of code, making it incredibly fast and effective. Key features include disabling the REST/JSON API for non-logged-in visitors, removing REST headers from HTTP responses, and eliminating REST links in HTML headers. For WordPress versions 4.7 and above, the plugin restricts the WP REST API functionality to authenticated users, returning a customizable error message for logged-out attempts. In older WordPress versions, it disables the REST API entirely. Developed by Jeff Starr, this plugin enhances user privacy by preventing unauthorized access to potentially sensitive information without collecting any user data. Jeff Starr also offers additional support through donations, book purchases, or investing in his premium WordPress plugins.
Disables WP REST API for Non-Logged-In Users
- Prevents abuse of your site’s REST/JSON API by unauthorized users.
- Ensures that only authenticated users can access the REST API.
- Provides a simple message to unauthorized users attempting to access the API.
Lightweight and Fast
- Works with only 22 short lines of code.
- Less than 2KB in size, making it super lightweight.
- No impact on site performance due to its minimal codebase.
Plug-and-Play Solution
- No configuration required; works out of the box.
- 100% set-it-and-forget solution.
- Automatically disables REST API for non-logged-in users.
Enhanced Privacy
- Does not collect or store any user data.
- Does not set any cookies or connect to third-party locations.
- Improves user privacy by protecting sensitive information from being accessed via REST API.