Disable REST API

Disable REST API | Dave McHale


The most comprehensive plugin for controlling access to the WordPress REST API!

Works as a “set it and forget it” install. Just upload and activate, and the entire REST API will be inaccessible to
your site visitors. Or if you have a plugin or theme installed which needs some of its endpoints to be accessible to
site visitors, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints – or
entire branches of endpoints – registered with the REST API.

The engine for the API has existed in WordPress since v4.4 and additional functionality and endpoints are a
continual project. While this is very exciting news for many reasons, it is also not functionality that every site
admin wants enabled on their website if not necessary.

As of WordPress 4.7, the filters provided for disabling the REST API were removed. To compensate, this plugin will
forcibly return an authentication error to any API requests from sources who are not logged into your website, which
will effectively still prevent unauthorized requests from using the REST API to get information from your website.

For WordPress versions 4.4, 4.5 and 4.6, this plugin makes use of the rest_enabled filter provided by the API to
disable the API functionality. However, it is strongly recommended that all site owners run the most recent version
of WordPress except where absolutely necessary.


  1. Upload the disable-json-api directory to the /wp-content/plugins/ directory via FTP
  2. Alternatively, upload the disable-json-api_v#.#.zip file to the ‘Plugins->Add New’ page in your WordPress admin
  3. Activate the plugin through the ‘Plugins’ menu in WordPress

Plugin author

Dave McHale

Plugin official website address

If you encounter problems in using the Disable REST API plugin, you can comment below, and I will try my best to help you solve the problem

Leave a Comment

Your email address will not be published. Required fields are marked *