Without the help of any plugin wordpress it self provides an interactive front-end. By using the REST API, you can more easily structure the way you want to get data into and out of WordPress.
WordPress REST API provides public access of datas in the form of JSON ,
- post types
- post statuses
You can check this by add wp-json along with your domain name. Which results a JSON data with your site information.
If you want to list out all users in your site by change the URL as
Replace domain_name with your site domain name.
Similarly we can also list posts,comments,pages..etc by removing users with these references.
So REST API exposed many of your personal information as JSON data.
To prevent the exposing of JSON data by using,
- disable REST API plugin
Use REST API Plugin
You can directly instal this plugin in your wordpress site by search and find it in the plugin menu of your wordpress dashboard. This plugin is ONLY meant to disable endpoints accessible via the default REST API that is part of WordPress itself.
By default, this plugin already prevents unregistered users from accessing the REST API of your WordPress.