The REST API provides public data, which is accessible to any client anonymously, as well as private data available only after authentication. How could you ensure that no one can anonymously access site data via the REST API?

  • Disable the REST API via the site’s wp-config.php file.
  • Use the rest_authentication_errors() filter along with the is_user_logged_in() conditional to limit access to logged in users.
  • Use the rest_authentication_errors() filter along with cookie authentication to limit access to logged in users.
  • Use the Disable REST API plugin.
Join our list

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

Leave a Comment

Join our list

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

Send this to a friend