How to disable WordPress REST API to not logged in user without a plugin

I think it should be disabled to not logged in users by default. Anyway, here you have the code to place in functions.php :

JSON Rest is enabled public by default, and it’s used by V5 new WP editor. You can disable it and install the Classic Editor Plugin and disable API for non locahost.


function restrict_rest_api_to_localhost() { 
      
        $whitelist = [ '127.0.0.1', "::1" ]; 
      
      if( ! in_array($_SERVER['REMOTE_ADDR'], $whitelist ) ){ 
          die( 'REST API is disabled.' ); 
      } 
} 

add_action( 'rest_api_init', 'restrict_rest_api_to_localhost', 0 );

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s