Disable REST API
| 开发者 |
dmchale
tangrufus |
|---|---|
| 更新时间 | 2021年2月15日 11:39 |
| PHP版本: | 5.6 及以上 |
| WordPress版本: | 5.6 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
详情介绍:
The most comprehensive plugin for controlling access to the WordPress REST API!
Works as a "set it and forget it" install. Just upload and activate, and the entire REST API will be inaccessible to your general site visitors.
But if you do need to grant access to some endpoints, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints (or entire branches of endpoints) in the REST API.
You can even do this on a per-user-role basis, so your unauthenticated users have one set of rules while WooCommerce customers have another while Subscribers and Editors and Admins all have their own. NOTE: Out of the box, all defined user roles will still be granted full access to the REST API until you choose to manage those settings.
For most versions of WordPress, this plugin will return an authentication error if a user is not allowed to access an endpoint. For legacy support, WordPress 4.4, 4.5, and 4.6 use the provided
rest_enabled filter to disable the entire REST API.
安装:
- Upload the
disable-json-apidirectory to the/wp-content/plugins/directory via FTP - Alternatively, upload the
disable-json-api_v#.#.zipfile to the 'Plugins->Add New' page in your WordPress admin area - Activate the plugin through the 'Plugins' menu in WordPress
屏幕截图:
更新日志:
1.6
- Tested up to WP v5.6
- Added support for managing endpoint access on a per-user-role basis
- Soooooooo many small changes behind the scenes to support the above
- Tested up to WP v5.5
- Tested up to WP v5.3
- Added enforcement for WordPress and PHP minimum version requirements
- Fixed minor bug to prevent unintended empty routes
- Minor text updates and adding textdomain to translation functions that didn't have them
- Added
load_plugin_textdomain()for i18n
- Fixed issue causing unintentional unlocking of endpoints when another WP_Error existed before this plugin did its job
- Fixed echo of text URL to primary Plugins page in WP Dashboard
- Tested for WP v4.8
- Tested for PHP 5.3+
- Added settings screen
- Site Admins may now whitelist routes that they wish to allow unauthenticated access to
- Added
dra_allow_rest_apifilter to the is_logged_in() check, so developers can get more granular with permissions - Props to @tangrufus for all of the help that went into this release
- Tested for WP v4.7
- Adding new functionality to raise authentication errors in 4.7+ for non-logged-in users
- Tested for WP v4.5
- Removal of actions which publish REST info to the head and header
- Updated to support the new filters created in the 2.0 beta API
- Initial Release