How to disable the WordPress REST API?

WordPress REST API

Want to clean up redundant code on your WordPress site and improve its security? It’s a great idea to disable the WordPress REST API. Let’s look at all the ways how to do it.

WordPress REST API – what is it and how does it work?

As we wrote in one of the previous articles, this is a tool that allows the site to interact with external sources. For example, you can manage the creation and publication of content without logging into the admin panel. The REST API has been around since WP 4.7 and has been included in the core. Based on JSON ( JavaScript Object Notation ) – a language designed to send, receive and store data.

Why disable?

There are several reasons. If you use only the admin panel to work with the VP site and want to increase the security of your resource.

How to disable?

Plugin Disable REST API

The Disable REST API plugin works out of the box. You don’t need to configure anything. Simply install and activate.

Also see: How to Disable RSS WordPress [2022 guide]

Clearfy Pro Plugin

If you have this extension installed, open Clearfy Pro in the admin panel and go to the Code tab. Opposite the Disable JSON REST API option, move the slider to the right and click the Save Changes button.

Manually

If you do not want to install additional plugins on your site, this method is for you.

Locate and open the main configuration file of your active WordPress theme, functions.php. At the very end, just add these few lines:

add_filter( 'rest_enabled', '__return_false' );
remove_action( 'xmlrpc_rsd_apis', 'rest_output_rsd' );
remove_action( 'wp_head', 'rest_output_link_wp_head', 10, 0 );
remove_action( 'template_redirect', 'rest_output_link_header', 11, 0 );
remove_action( 'auth_cookie_malformed', 'rest_cookie_collect_status' );
remove_action( 'auth_cookie_expired', 'rest_cookie_collect_status' );
remove_action( 'auth_cookie_bad_username', 'rest_cookie_collect_status' );
remove_action( 'auth_cookie_bad_hash', 'rest_cookie_collect_status' );
remove_action( 'auth_cookie_valid', 'rest_cookie_collect_status' );
remove_filter( 'rest_authentication_errors', 'rest_cookie_check_errors', 100 );
remove_action( 'init', 'rest_api_init' );
remove_action( 'rest_api_init', 'rest_api_default_filters', 10, 1 );
remove_action( 'parse_request', 'rest_api_loaded' );
remove_action( 'rest_api_init', 'wp_oembed_register_route' );
remove_filter( 'rest_pre_serve_request', '_oembed_rest_pre_serve_request', 10, 4 );
remove_action( 'wp_head', 'wp_oembed_add_discovery_links' );
remove_action( 'wp_head', 'wp_oembed_add_host_js' );

Leave a comment

Your email address will not be published.