=== Disable WP REST API ===

Plugin Name: Disable WP JSON REST API
Plugin URI: http://primanominfotech.com/
Description: Disables the WP JSON REST API for visitors not logged into WordPress.
Tags: wp rest api, wp json rest api, rest, rest-api, api, json, disable, head, header, link, http
Author: Bhautik Kikani
Author URI: https://profiles.wordpress.org/bhautik24/
Contributors: specialk
Requires at least: 4.4
Tested up to: 5.2
Stable tag: 1.6
Version: 1.0
Requires PHP: 5.6.20
Text Domain: disable-wp-json-rest-api
Domain Path: /languages
License: GPL v2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Disables the WP REST API for visitors not logged into WordPress.

== Description ==

This plugin does one thing: it disables the WP JSON REST API for visitors who are not logged into WordPress. No configuration required.

The whole plugin is only 60 short lines of code (less than 2KB), so it is super lightweight, fast, and effective for your website.

**Features**

* Disables REST/JSON for visitors (not logged in)
* Disables REST header in HTTP response for all users
* Disables REST links in HTML head for all users
* 100% plug-and-play, set-it-and-forget solution

The fast, simple way to prevent abuse of your site's REST/JSON API.

How does it work? That depends on which version of WordPress you are using.

**WordPress v4.7 and beyond**

For WordPress 4.7 and later, this plugin completely disables the WP REST API _unless_ the user is logged into WordPress.

* For logged-in users, WP REST API works normally
* For logged-out users, WP REST API is disabled

What happens if a logged-out visitor makes a JSON/REST request? They will get only a simple message:

"rest_login_required: REST API restricted to authenticated users."

This message may be customized via the filter hook, 'disable_wp_rest_api_error'.

**Older versions of WordPress**

For WordPress versions less than 4.7, this plugin simply disables all REST API functionality for all users.

**Privacy**

This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way.

> Works perfectly with or without Gutenberg Block Editor

== Screenshots ==

1. What logged-in users see when requesting JSON/REST API
2. What non-logged visitors see when requesting JSON/REST API

== Installation ==

**How to Install**

1. Upload the plugin to your WordPress site and activate it
2. Done! No extra configuration is required.

**Testing**

To test that the plugin is working, log out of WordPress and then request 'https://examples.com/wp-json/' in a browser.

== Upgrade Notice ==

To upgrade this plugin, remove the old version and replace it with the new version. Or just click "Update" from the Plugins screen and let WordPress do it for you automatically.

Note: this plugin does not add anything to your WP database.

== Frequently Asked Questions ==

**Why would anyone want to disable the REST API?**

Technically this plugin only disables REST API for visitors who are not logged into WordPress. With that in mind, here are some good reasons why someone would want to disable REST API for non-logged users:

* The REST API may not be needed for non-logged users
* Disabling the REST API conserves server resources
* Disabling the REST API minimizes potential attack vectors
* Disabling the REST API prevents content scraping and plagiarism

**How do I test that REST is disabled?**

Testing is easy:

1. Log out of WordPress
2. Using a browser, request 'https://examples.com/wp-json/'

If you see the following message, REST is disabled:

"rest_login_required: REST API restricted to authenticated users."

Then if you log back in and make a new request for 'https://examples.com/wp-json/', you will see that REST is working normally.

**Does this plugin disable REST functionality added by other plugins?**

Yes, if the REST endpoints are registered with the WP REST API.
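
The testing steps above, together with the feature claims about the REST header and the REST links in the HTML head, can be checked with a short script. This is an added example, not part of the plugin: `check_rest_lockdown` and the sample responses are hypothetical, and it assumes the refusal arrives as the usual WordPress JSON error object with a `code` field.

```python
import json
import re
from html.parser import HTMLParser

REST_REL = "https://api.w.org/"  # link relation WordPress core uses to advertise the REST API

class _RestLinkFinder(HTMLParser):
    """Records whether the page contains <link rel="https://api.w.org/" ...>."""
    def __init__(self):
        super().__init__()
        self.found = False

    def handle_starttag(self, tag, attrs):
        if tag == "link" and dict(attrs).get("rel") == REST_REL:
            self.found = True

def check_rest_lockdown(api_body, home_headers, home_html):
    """Return a list of findings; an empty list means all three checks passed.

    api_body: body of a logged-out request to /wp-json/
    home_headers / home_html: headers (dict) and HTML of a front-end page
    """
    findings = []
    try:
        doc = json.loads(api_body)
        code = doc.get("code") if isinstance(doc, dict) else None
    except ValueError:
        code = None  # not JSON at all, so certainly not the expected refusal
    if code != "rest_login_required":
        findings.append("logged-out /wp-json/ request was not refused")

    # Header names are case-insensitive; join in case several Link values exist.
    link = ",".join(v for k, v in home_headers.items() if k.lower() == "link")
    if re.search(r'rel="?' + re.escape(REST_REL), link):
        findings.append("REST Link header still present")

    finder = _RestLinkFinder()
    finder.feed(home_html)
    if finder.found:
        findings.append("REST <link> still present in HTML head")
    return findings

# Constructed sample responses (not captured from a real site).
LOCKED = ('{"code":"rest_login_required","message":"REST API restricted to authenticated users."}',
          {"Content-Type": "text/html"}, "<html><head><title>t</title></head></html>")
OPEN = ('{"name":"Site","namespaces":["wp/v2"]}',
        {"link": '<https://example.test/wp-json/>; rel="https://api.w.org/"'},
        "<head><link rel='https://api.w.org/' href='https://example.test/wp-json/' /></head>")
```

Feed it the responses from a logged-out session; any finding means one of the three protections is not in effect on that site.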

== Changelog ==

= 1.0 =

* Initial release