Disable REST API to Protect WordPress

The WordPress REST API provides API endpoints for WordPress data types that allow developers to interact with sites remotely by sending and receiving JSON (JavaScript Object Notation) objects. WordPress 4.4 and above supports the REST API.

WordPress itself provides an interactive front end without the help of any plugin. By using the REST API, you can more easily structure the way you want to get data into and out of WordPress.

The WordPress REST API provides public access to data in the form of JSON, including:

  • users
  • posts
  • categories
  • settings
  • tags
  • pages
  • comments
  • media
  • taxonomies
  • post types
  • post statuses

You can check this by adding wp-json after your domain name, which returns JSON data with your site information.

To list all users on your site, change the URL to:

<domain_name>/wp-json/wp/v2/users

 Replace domain_name with your site's domain name.

Similarly, we can also list posts, comments, pages, etc. by replacing users with these references.

So the REST API exposes much of your personal information as JSON data.

To prevent this exposure of JSON data, use:

  1. Disable REST API plugin

Use REST API Plugin

You can install this plugin directly on your WordPress site by searching for it in the plugin menu of your WordPress dashboard. This plugin is ONLY meant to disable endpoints accessible via the default REST API that is part of WordPress itself.

By default, this plugin already prevents unregistered users from accessing the REST API of your WordPress site.
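
To confirm the plugin is working, request the routes listed above without logging in, before and after enabling it. The script below is an added example, not part of the original post or the plugin; the route names are WordPress core's `/wp/v2/` routes for the data types listed earlier, and the two sample responses are constructed.

```python
import json
import sys
import urllib.error
import urllib.request

# Core routes under /wp-json/wp/v2/ for the data types listed in the article.
ROUTES = ["users", "posts", "categories", "settings", "tags", "pages",
          "comments", "media", "taxonomies", "types", "statuses"]

def fetch(base_url, route, timeout=10):
    """Request one route with no cookies or credentials; return (status, body)."""
    url = f"{base_url.rstrip('/')}/wp-json/wp/v2/{route}"
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 401/403/404 arrive as exceptions
        return err.code, err.read().decode("utf-8", "replace")

def classify(status, body):
    """Turn one unauthenticated response into (verdict, detail)."""
    try:
        data = json.loads(body)
    except ValueError:
        data = None
    if status == 200 and isinstance(data, (list, dict)):
        return "EXPOSED", f"{len(data)} item(s) readable without login"
    if status in (401, 403):
        code = data.get("code") if isinstance(data, dict) else None
        return "BLOCKED", code or f"HTTP {status}"
    return "CHECK", f"HTTP {status}"

def audit(base_url, fetcher=fetch):
    """Classify every route; fetcher is injectable so the logic runs offline."""
    return {route: classify(*fetcher(base_url, route)) for route in ROUTES}

# Constructed sample responses (not captured from a real site).
SAMPLE_OPEN = (200, '[{"id": 1, "name": "Site Admin", "slug": "admin"}]')
SAMPLE_CLOSED = (401, '{"code": "rest_forbidden", "data": {"status": 401}}')

if __name__ == "__main__":
    # Usage: python rest_audit.py https://your-site.example
    if len(sys.argv) > 1:
        results = audit(sys.argv[1])
    else:
        results = {"users (sample, open)": classify(*SAMPLE_OPEN),
                   "users (sample, closed)": classify(*SAMPLE_CLOSED)}
    for route, (verdict, detail) in results.items():
        print(f"{route:24} {verdict:8} {detail}")
```

Run it against your own site's URL; any route still reported as EXPOSED is readable by visitors who are not logged in.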

 
