Disable WP REST API

Disables the WP REST API for visitors not logged into WordPress.

Author: Bhautik Kikani (profile at wordpress.org)
WordPress version required: 4.4
WordPress version tested: 5.2.3
Plugin version: 1.0
Added to WordPress repository: 28-09-2019
Last updated: 28-09-2019
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
Rating, %: 100
Rated by: 1
Plugin URI: http://primanominfotech.com/
Total downloads: 6

This plugin does one thing: it disables the WP JSON REST API for visitors who are not logged into WordPress. No configuration required.

The plugin is a single file of only 60 short lines of code (less than 2KB), so it is super lightweight, fast, and effective for your website.

Features

  • Disable REST/JSON for visitors (not logged in)
  • Disables REST header in HTTP response for all users
  • Disables REST links in HTML head for all users
  • 100% plug-and-play, set-it-and-forget solution

The fast, simple way to prevent abuse of your site’s REST/JSON API.

How does it work? That depends on which version of WordPress you are using.

WordPress v4.7 and beyond

For WordPress 4.7 and later, this plugin completely disables the WP REST API unless the user is logged into WordPress.

  • For logged-in users, WP REST API works normally
  • For logged-out users, WP REST API is disabled

What happens if a logged-out visitor makes a JSON/REST request? They will get only a simple message:

“rest_login_required: REST API restricted to authenticated users.”

This message may be customized via the filter hook, ‘disable_wp_rest_api_error’.

Older versions of WordPress

For WordPress versions less than 4.7, this plugin simply disables all REST API functionality for all users.
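
The behaviour described in the two sections above can be reproduced with WordPress core hooks. The following is an added illustration, not the plugin's own source: the function name, the text domain, and the way ‘disable_wp_rest_api_error’ is applied (as a filter on the message string) are assumptions, since the page names the hook but not its arguments.

```php
<?php
// Added example, not the plugin's code. The example_* name and the
// 'example-textdomain' text domain are hypothetical.

function example_rest_require_login( $result ) {
    // Another handler already accepted (true) or rejected (WP_Error)
    // this request: keep that decision.
    if ( null !== $result ) {
        return $result;
    }
    // Logged-in users: the REST API works normally.
    if ( is_user_logged_in() ) {
        return $result;
    }
    // Assumption: the hook filters the message text only.
    $message = apply_filters(
        'disable_wp_rest_api_error',
        __( 'REST API restricted to authenticated users.', 'example-textdomain' )
    );
    // rest_authorization_required_code() returns 401 for logged-out visitors.
    return new WP_Error(
        'rest_login_required',
        $message,
        array( 'status' => rest_authorization_required_code() )
    );
}

if ( version_compare( get_bloginfo( 'version' ), '4.7', '>=' ) ) {
    // WordPress 4.7 and later: reject unauthenticated REST requests.
    add_filter( 'rest_authentication_errors', 'example_rest_require_login' );
} else {
    // Before 4.7: switch the REST API off for all users.
    add_filter( 'rest_enabled', '__return_false' );
    add_filter( 'rest_jsonp_enabled', '__return_false' );
}

// For all users: drop the REST discovery link from the HTML head
// and the Link header from HTTP responses.
remove_action( 'wp_head', 'rest_output_link_wp_head', 10 );
remove_action( 'template_redirect', 'rest_output_link_header', 11 );
```

With this in place, a logged-out request to a REST route should return HTTP 401 with the code rest_login_required, which is a quick way to confirm the restriction is active after a WordPress upgrade.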

Privacy

This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way.

Works perfectly with or without Gutenberg Block Editor