Disable JSON API

plugin banner

Uses the built-in filters of the JSON REST API to disable its functionality.

Author:Dave McHale (profile at wordpress.org)
WordPress version required:4.9
WordPress version tested:6.3.1
Plugin version:1.8
Added to WordPress repository:03-10-2014
Last updated:14-09-2023
Rating, %:96
Rated by:37
Plugin URI:http://www.binarytemplar.com/disable-json-api
Total downloads:631 306
Active installs:90 000+
plugin download
Click to start download

The most comprehensive plugin for controlling access to the WordPress REST API!

Works as a “set it and forget it” install. Just upload and activate, and the entire REST API will be inaccessible to your general site visitors.

But if you do need to grant access to some endpoints, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints (or entire branches of endpoints) in the REST API.

You can even do this on a per-user-role basis, so your unauthenticated users have one set of rules while WooCommerce customers have another while Subscribers and Editors and Admins all have their own. NOTE: Out of the box, all defined user roles will still be granted full access to the REST API until you choose to manage those settings.

For most versions of WordPress, this plugin will return an authentication error if a user is not allowed to access an endpoint. For legacy support, WordPress 4.4, 4.5, and 4.6 use the provided rest_enabled filter to disable the entire REST API.


Screenshots
FAQ
ChangeLog