
Disable WP REST API

Author: Jeff Starr
Disables the WP REST API for visitors who are not logged in to WordPress.
Rating: 4.8
Version: 2.6.7
Active installations: 30K
Last updated: Jan 29, 2026

Does one thing: Completely disables the WordPress REST API for visitors who are not logged into WordPress. No configuration required.

Important: This plugin completely disables the WP REST API for visitors who are NOT logged in to WordPress. It is therefore not recommended if your site needs the WP REST API for any non-logged-in users.

👉 The fast, simple way to prevent abuse of your site’s REST/JSON API
👉 Protects your site’s REST data from all non-logged users and bots
👉 Uses only 4KB of code, so super lightweight, fast, and effective

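Features

  • Disables REST/JSON for visitors (not logged in)
  • Disables the REST header in HTTP responses for all users
  • Disables the REST links in the HTML head for all users
  • 100% plug-and-play, set-it-and-forget-it solution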

How does it work?

This plugin completely disables the WP REST API unless the user is logged into WordPress.

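  • For logged-in users, the WP REST API works normally
  • For logged-out users, the WP REST API is disabled

What happens if a logged-out visitor makes a JSON/REST request? They will receive only a simple message: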

rest_login_required: REST API restricted to authenticated users.

This message may be customized via the filter hook, disable_wp_rest_api_error. Check out this post for an example of how to do it.
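The three behaviours listed under Features can be confirmed from anonymous responses. The check below is an added example, not the plugin's own code: the function name `audit_rest_lockdown`, the sample responses, the `example.test` host and the 401 status are constructed assumptions, while `https://api.w.org/` is the link relation WordPress core uses to advertise the REST API.

```python
import json
import re

API_REL = "https://api.w.org/"  # link relation WordPress core uses to advertise the REST API


def audit_rest_lockdown(page_headers, page_html, api_status, api_body):
    """Return findings for anonymous responses; an empty list means locked down.

    page_headers/page_html: anonymous response for a normal front-end page.
    api_status/api_body: anonymous response for a REST route such as /wp-json/.
    """
    findings = []
    # 1. Anonymous REST requests must be refused with the error code shown above.
    try:
        code = json.loads(api_body).get("code")
    except (ValueError, AttributeError):  # not JSON, or a JSON list of records
        code = None
    if code != "rest_login_required":
        findings.append(f"REST route answered anonymously (status {api_status}, code {code!r})")
    # 2. No REST discovery Link header on front-end responses.
    if any(k.lower() == "link" and API_REL in v for k, v in page_headers.items()):
        findings.append("REST discovery Link header present")
    # 3. No REST discovery <link> element in the HTML.
    if any(API_REL in tag for tag in re.findall(r"<link\b[^>]*>", page_html, flags=re.I)):
        findings.append("REST discovery <link> tag present in HTML")
    return findings


# Constructed sample responses (not captured from a real site; 401 is an assumed status).
LOCKED = dict(
    page_headers={"Content-Type": "text/html; charset=UTF-8"},
    page_html="<html><head><title>Blog</title></head><body></body></html>",
    api_status=401,
    api_body='{"code": "rest_login_required", '
             '"message": "REST API restricted to authenticated users."}',
)
OPEN = dict(
    page_headers={"Link": '<https://example.test/wp-json/>; rel="https://api.w.org/"'},
    page_html='<html><head><link rel="https://api.w.org/" '
              'href="https://example.test/wp-json/" /></head></html>',
    api_status=200,
    api_body='[{"id": 1, "name": "editor", "slug": "editor"}]',
)

if __name__ == "__main__":
    for label, sample in (("locked", LOCKED), ("open", OPEN)):
        print(label, audit_rest_lockdown(**sample))
```

Feed it responses fetched without cookies or credentials, since logged-in sessions are expected to reach the API normally.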

Privacy

This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way. If anything it improves user privacy, as it protects potentially sensitive information from being displayed/accessed via REST API.

Disable WP REST API is developed and maintained by Jeff Starr, 15-year WordPress developer and book author.

Support development of this plugin

I develop and maintain this free plugin with love for the WordPress community. To show support, you can make a donation or purchase one of my books:

And/or purchase one of my premium WordPress plugins:

Links, tweets and likes also appreciated. Thank you! 🙂

Tested up to: WordPress 6.9.1