How to disable WordPress REST API



WordPress is one of the most popular content management systems for building websites, and it is one of the ways to create a website for free.

It is very easy to disable WordPress REST API.

What is WordPress REST API?

The WordPress REST API is an application programming interface (API) that allows developers to create custom integrations with other software such as websites.

It provides an interface to many kinds of WordPress features and can be used to fetch or submit data.

If you are a developer and interested in it, visit https://developer.wordpress.org/rest-api/

Why would you want to disable WordPress REST API?

You can reach the REST API of any WordPress website at a link like the one below:

http://yoursite.com/wp-json/wp/v2

The most common reason is to stop bots from accessing the REST API.

Attackers use many methods to harm or break into your website, such as a brute-force attack, where a bot simply submits many HTTP requests to your website, trying to guess the password to break in.

This can give someone access to your website.

Here I have written up two ways you can disable public access to the WordPress REST API.

1. Disable WordPress REST API With Plugin

I would recommend this way if you are using a theme that is made or managed by a third party.

It is very easy to do with a plugin. Log in to your WordPress admin panel, click on Plugins, and then click the Add New button.

Search for plugins with the term “disable rest api”. It will show you the available plugins.

Here I’m using the first plugin shown, by Dave McHale. Click the Install Now button and then activate it. This plugin disables the REST API as soon as you install and activate it.

Click on Plugins. It should now list the “Disable REST API” plugin there; click on Settings for it.

It allows you to manage the REST API access as you want.

2. Disable WordPress REST API Without Plugin

You can use this option if you are the developer of your own theme, or if you update your theme programmatically without relying on someone else for theme updates.

This is fairly easy to do.

Open the wp-content/themes/whatever-theme-you-are-using folder and open the functions.php file in a text editor.

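// Require a logged-in user for every REST API request.
add_filter('rest_authentication_errors', function($result){
    // Another authentication handler has already produced a result: keep it.
    if(!empty($result)){
        return $result;
    }
    // Visitors who are not logged in receive HTTP 401 instead of API data.
    if(!is_user_logged_in()){
        return new WP_Error('rest_unauthenticated', 'Unauthenticated.', array('status' => 401));
    }
    // Logged-in users pass through unchanged.
    return $result;
});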

Copy and paste the code into the functions.php file, at the end of the file, after any code that is already there.

And that is it!
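The filter above answers every request from a visitor who is not logged in with 401, including requests to endpoints that a contact form or oEmbed relies on. The variant below is an added example, not code from the original article or from any plugin: it keeps the same check but lets an allowlist of route prefixes through. The constant name, the helper function and the two listed namespaces are assumptions to adapt to your own site. Use it in place of the snippet above, not alongside it.

```php
// Added example. Route prefixes that stay public; these two entries are
// sample values only. List just the namespaces your own site needs.
const MYSITE_PUBLIC_REST_PREFIXES = array(
    '/oembed/1.0',         // sample entry: WordPress oEmbed endpoints
    '/contact-form-7/v1',  // sample entry: a form plugin's endpoints
);

// Hypothetical helper: true when $route equals an allowed prefix or lies
// beneath it. The comparison is case-sensitive and anchored on a path
// segment, so "/oembed/1.0-other" or "/OEMBED/1.0" are not allowed.
function mysite_rest_route_is_public($route, $prefixes){
    $route = '/' . trim((string) $route, '/');
    foreach($prefixes as $prefix){
        $prefix = '/' . trim($prefix, '/');
        if($route === $prefix || strpos($route, $prefix . '/') === 0){
            return true;
        }
    }
    return false;
}

add_filter('rest_authentication_errors', function($result){
    // Keep a result that another authentication handler already set.
    if(!empty($result)){
        return $result;
    }
    // Logged-in users keep full access.
    if(is_user_logged_in()){
        return $result;
    }
    // The requested REST route, as parsed by WordPress for this request.
    $route = isset($GLOBALS['wp']->query_vars['rest_route'])
        ? $GLOBALS['wp']->query_vars['rest_route']
        : '';
    // Anonymous requests pass only for allowlisted prefixes.
    if(mysite_rest_route_is_public($route, MYSITE_PUBLIC_REST_PREFIXES)){
        return $result;
    }
    // Everything else, including /wp/v2/users, is refused.
    return new WP_Error('rest_unauthenticated', 'Unauthenticated.', array('status' => 401));
});
```

After saving, open http://yoursite.com/wp-json/wp/v2/users in a private browser window: it should return the 401 "Unauthenticated." error, while an allowlisted route still responds.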

Hope this article helped you and let us know in the comments if you think there is a better way to do the same.


About Parth

I'm the founder & CEO of DigitalSitara. A software development company with customers in mind. I have been developing all different kinds of software for the past 7 years. I love programming, music, and food.
