WordPress 4.4 added the much anticipated JSON REST API. It is great for plugin developers, but many site owners may not find it useful at all. In this article, we will show you how to easily disable the JSON REST API in WordPress.
Why You Need to Disable JSON REST API in WordPress?
There is no denying that the API will bring lots of benefits for WordPress developers. The API makes it super easy to retrieve data using GET requests, which is useful for those building apps with WordPress.
However, most site owners may not be needing those features at all.
Having that said, this could potentially open your website to a new front of DDoS attacks. It can be resource intensive and slow down your website.
It is similar to disabling XML-RPC, which many site admins disable on their WordPress sites just to be on the safe side.
Disabling JSON REST API in WordPress
The plugin works out of the box and there are no settings for you to configure.
It will now forcibly return an authentication error to any API requests from sources who are not logged into your website.
This will effectively prevent unauthorized requests from using the REST API to get information from your website.
You can test this by visiting http://example.com/wp-json page. Make sure you logout of WordPress admin area first or switch your browser to incognito mode.
Don’t forget to replace example.com with your own domain name. You will see this message, indicating that REST API requests are blocked.
That’s all, you have successfully disabled unauthorized REST API requests on your WordPress site.
We hope this article helped you learn how to Disable JSON API in WordPress. Security conscious users may also want to checkout these tips on protecting WordPress admin area.