This plugin does one thing: disables the WP REST API for visitors who are not logged into WordPress. No configuration required.
This plugin works with only 22 short lines of code (less than 2KB). So it is super lightweight, fast, and effective.
Note: This plugin completely disables the WordPress REST API. So it is not recommended if you need the WP REST API for any functionality.
Features
- Отключите REST/JSON для посетителей (не вошедших в систему)
- Отключение заголовка REST в HTTP-ответе для всех пользователей
- Отключите REST-ссылки в HTML-голове для всех пользователей
- 100% plug-and-play, set-it-and-forget solution
The fast, simple way to prevent abuse of your site’s REST/JSON API
How does it work? That depends on which version of WordPress you are using..
WordPress v4.7 and beyond
For WordPress 4.7 and better, this plugin completely disables the WP REST API unless the user is logged into WordPress.
- Для пользователей, вошедших в систему, WP REST API работает нормально
- Для пользователей, вышедших из системы, WP REST API отключен
What happens if logged-out visitor makes a JSON/REST request? They will get only a simple message:
«rest_login_required: REST API restricted to authenticated users.»
This message may customized via the filter hook, disable_wp_rest_api_error. Check out this post for an example of how to do it.
Older versions of WordPress
For WordPress versions less than 4.7, this plugin simply disables all REST API functionality for all users.
More information available below in the FAQs section.
Privacy
This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way. If anything it improves user privacy, as it protects potentially sensitive information from being displayed/accessed via REST API.
Disable WP REST API is developed and maintained by Jeff Starr, 15-year WordPress developer and book author.
Support development of this plugin
I develop and maintain this free plugin with love for the WordPress community. To show support, you can make a donation or purchase one of my books:
- The Tao of WordPress
- Digging into WordPress
- .htaccess made easy
- WordPress Themes In Depth
- Wizard’s SQL Recipes for WordPress
And/or purchase one of my premium WordPress plugins:
- BBQ Pro — Blazing fast WordPress firewall
- Blackhole Pro — Automatically block bad bots
- Banhammer Pro — Monitor traffic and ban the bad guys
- GA Google Analytics Pro — Connect WordPress to Google Analytics
- Head Meta Pro — Ultimate Meta Tags for WordPress
- Simple Ajax Chat Pro — Unlimited chat rooms
- USP Pro — Unlimited front-end forms
Links, tweets and likes also appreciated. Thank you! 🙂