Disable REST API for Real
| 开发者 | samuelaguilera |
|---|---|
| 更新时间 | 2019年11月15日 07:41 |
| PHP版本: | 4.7 及以上 |
| WordPress版本: | 5.3 |
| 版权: | GPLv3 |
| 版权网址: | 版权信息 |
详情介绍:
The WordPress REST API is a great resource, but if you don't want to use it probably you will want to close this door to your WordPress.
Unlike other popular plugins that aims to disable the REST API but only return an error, processed by the REST API, when a request is received, by default, this plugin removes all filters and actions related to WordPress REST API, and returns a 404 error for requests sent to the REST API URL endpoints, effectively blocking any use of the REST API.
Optionally you can set the REST API setting in Settings -> General page to "Logged In Only" for a less drastical action, to keep REST API access enabled but require the user to be logged in to accept the requests.
If you're happy with the plugin please don't forget to give it a good rating, it will motivate me to keep sharing and improving this plugin (and others).
SUPPORT: If you have any support question, please create an issue at the Github repository.
必需条件
- WordPress 4.7 or higher.
- Disable WordPress core REST API for real by removing all filters and actions related to it and returning a 404 error for requests sent to REST API URL endpoints (e.g. https://example.com/wp-json/whatever ).
- Option to require user to be logged in to use the REST API instead of completely disable it.
屏幕截图:
常见问题:
How can I test if the plugin is working?
Use your browser to go to http://example.com/wp-json (replace example.com with your site domain). Your site will return a 404 error.
You can also check any regular page of your site to confirm the link to the REST API URL was removed from the HTTP header and from the HTML header.
If you have set the plugin to "Logged In Only", no changes are made to the page headers, but you will receive the following response if you try the REST API without being logged in:
{"code":"rest_not_logged_in","message":"External REST API requests not allowed for this site.","data":{"status":401}}
更新日志:
2.1.1
- Fixed typo. Thanks to Mike D for reporting it.
- Minor changes to make code 100% WordPress Coding Standards compliant.
- Added option in Settings -> General page to choose between completely disable the REST API (default), or "Logged In Only" to keep REST API access enabled but require the user to be logged in to accept the requests.
- Removed support for WordPress 4.6.1 and older.
- Initial release.