Disable WP REST API

Description

This plugin does one thing: disables the WP REST API for visitors who are not logged into WordPress. No configuration required.

This plugin works with only 22 short lines of code (less than 2KB). So it is super lightweight, fast, and effective.

Features

  • Disable REST/JSON for visitors (not logged in)
  • Disables REST header in HTTP response for all users
  • Disables REST links in HTML head for all users
  • 100% plug-and-play, set-it-and-forget solution

The fast, simple way to prevent abuse of your site’s REST/JSON API

How does it work? That depends on which version of WordPress you are using.

WordPress v4.7 and beyond

For WordPress 4.7 and later, this plugin completely disables the WP REST API unless the user is logged into WordPress.

  • For logged-in users, WP REST API works normally
  • For logged-out users, WP REST API is disabled

What happens if a logged-out visitor makes a JSON/REST request? They will get only a simple message:

“rest_login_required: REST API restricted to authenticated users.”

This message may be customized via the filter hook, disable_wp_rest_api_error.

Older versions of WordPress

For WordPress versions less than 4.7, this plugin simply disables all REST API functionality for all users.

More information available below in the FAQs section.

GDPR

This plugin does not collect any user data. So it does not do anything to make your site less compliant with GDPR. I have done my best to ensure that this plugin is 100% GDPR compliant, but I’m not a lawyer so can’t guarantee anything. To determine if your site is GDPR compliant, please consult an attorney.

Works perfectly with or without Gutenberg Block Editor

Installation

How to Install

  1. Upload the plugin to your blog and activate
  2. Done! No further configuration is required.

More info on installing WP plugins

Testing

To test that the plugin is working, log out of WordPress and then request https://example.com/wp-json/ in a browser. See the FAQs for more info.

Like the plugin?

If you like Disable WP REST API, please take a moment to give a 5-star rating. It helps to keep development and support going strong. Thank you!

FAQ

Why would anyone want to disable the REST API?

Technically this plugin only disables REST API for visitors who are not logged into WordPress. With that in mind, here are some good reasons why someone would want to disable REST API for non-logged users:

  • The REST API may not be needed for non-logged users
  • Disabling the REST API conserves server resources
  • Disabling the REST API minimizes potential attack vectors
  • Disabling the REST API prevents content scraping and plagiarism

I’m sure there are other valid reasons, but you get the idea 🙂

There already is another “Disable REST” plugin?

Yep, actually there are two other “Disable REST” plugins:

The first of those plugins is awesome and provides a LOT more features and functionality than is required to simply disable REST. And the second plugin was shut down due to lack of use. I wrote my disable-REST plugin because I wanted something super lightweight, fast, and effective. If you are looking for more options and features, then check out the first of those two listed alternatives.

How do I test that REST is disabled?

Testing is easy:

  1. Log out of WordPress
  2. Using a browser, request https://example.com/wp-json/

If you see the following message, REST is disabled:

“rest_login_required: REST API restricted to authenticated users.”

Then if you log back in and make a new request for https://example.com/wp-json/, you will see that REST is working normally.
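An added example, not part of the plugin or its documentation: a Python check that applies the test above, plus the two "Features" items about the REST header and head links, to responses captured from a logged-out session. The sample responses are constructed, the function names are hypothetical, and the `https://api.w.org/` rel value and JSON error shape are those WordPress core uses.

```python
import json
import re

API_REL = "https://api.w.org/"  # rel value WordPress core uses to advertise the REST API
REL_ATTR = re.compile(r"rel\s*=\s*[\"']" + re.escape(API_REL) + r"[\"']", re.I)

def rest_blocked(body):
    """True if the /wp-json/ body is the error shown above (code rest_login_required)."""
    try:
        data = json.loads(body)
    except ValueError:
        return False  # HTML error page, empty body, etc. prove nothing
    return isinstance(data, dict) and data.get("code") == "rest_login_required"

def header_advertises_rest(headers):
    """True if a Link response header still points clients at the REST API."""
    return any(k.lower() == "link" and REL_ATTR.search(v) for k, v in headers)

def head_advertises_rest(html):
    """True if the HTML <head> still has a <link> element with the REST API rel."""
    head = re.search(r"<head\b.*?</head>", html, re.I | re.S)
    tags = re.findall(r"<link\b[^>]*>", head.group(0), re.I) if head else []
    return any(REL_ATTR.search(t) for t in tags)

def audit(api_body, page_headers, page_html):
    """Summarise the three behaviours the plugin promises for a logged-out visitor."""
    return {
        "rest_blocked": rest_blocked(api_body),
        "link_header_removed": not header_advertises_rest(page_headers),
        "head_link_removed": not head_advertises_rest(page_html),
    }

# Constructed sample responses (not captured from a real site).
PROTECTED = (
    '{"code":"rest_login_required",'
    '"message":"REST API restricted to authenticated users.","data":{"status":401}}',
    [("Content-Type", "text/html; charset=UTF-8")],
    "<html><head><title>Example</title></head><body></body></html>",
)
UNPROTECTED = (
    '{"name":"Example","namespaces":["wp/v2"]}',
    [("Link", '<https://example.com/wp-json/>; rel="https://api.w.org/"')],
    '<html><head><link rel="https://api.w.org/" href="https://example.com/wp-json/" />'
    "</head><body></body></html>",
)

if __name__ == "__main__":
    print("protected:  ", audit(*PROTECTED))
    print("unprotected:", audit(*UNPROTECTED))
```

Feed `audit` the body of a logged-out request to /wp-json/ and the headers and HTML of any front-end page; all three values should be true when the plugin is active.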

Does this plugin disable REST functionality added by other plugins?

Yes, if the REST endpoints are registered with the WP REST API.

Reviews

Works great

Thank you for making this available, Jeff. As with your awesome 6G firewall, I love the plug-and-play simplicity.

Contributors & Developers

“Disable WP REST API” is open source software. The following people have contributed to this plugin.

Contributors


Changelog

1.2

  • Adds homepage link to Plugins screen
  • Updates default translation template
  • Tests on WordPress 5.0 (beta)

1.1

  • Updates GDPR blurb and donate link
  • Adds “rate plugin” link to Plugins screen
  • Adds icons for the WordPress Plugin Directory
  • Generates default translation template
  • Further tests on WP versions 4.9 and 5.0 (alpha)

1.0

  • Initial release