![[object Object]](https://d1k2c27psfzbiv.cloudfront.net/wp-content/uploads/2023/05/15125034/WP-Adminify-logo.png){kind=logo}
WP Adminify
How to disable REST API?
The WordPress REST API provides a powerful way for developers to interact with your website's data through external applications. However, for security and performance reasons, you may want to disable REST API access for non-authenticated users, especially if your site doesn’t require external API access. The REST API feature in WP Adminify allows you to easily disable REST API for non-authenticated users and clean up any REST-related data from your site's HTML head and headers.
1. Access the REST API Settings
To begin:
- Log in to your WordPress dashboard.
- Navigate to WP Adminify > Security > REST API
2. Enable REST API Setting
Make sure the REST API feature is enabled by toggling the Show switch to the green, activated state. This will give you access to the REST API management options.
3. Disable REST API for Non-Authenticated Users
In the REST API settings:
- You will see an option labeled Disable REST API.
- Check the box next to this option to disable access to the REST API for users who are not logged in.
This ensures that only authenticated users (such as admins and logged-in users) will have access to the REST API. Disabling access for non-authenticated users can enhance the security of your site by preventing unauthorized users from accessing your data via the API.
4. Remove REST API Data from Head and Headers
In addition to disabling access for non-authenticated users, the REST API setting:
- Removes URL traces from the <head> section of your site's HTML.
- Removes REST API references from HTTP headers.
- Disables WP RSD endpoint (an endpoint used by remote services to discover your REST API).
5. Save Changes
After you have adjusted the settings:
- Scroll down to the bottom of the page.
- Click the Save Changes button to apply your new REST API settings.
6. Verify REST API is Disabled for Non-Authenticated Users
To ensure that the REST API is disabled:
- Open a new browser window in incognito mode (to simulate an unauthenticated user).
- Try accessing your site's REST API by visiting https://your-site.com/wp-json/.
- You should see a message indicating that access is denied or restricted.
If you're authenticated (logged in as an admin), the REST API will still be accessible.
Didn’t find what you were looking for? Get in touch!
Updated on December 2, 2024
Was this helpful to you?