How to Disable JSON REST API in WordPress

In WordPress, the JSON REST API is a powerful tool that allows you to access and manage your WordPress website’s data using HTTP requests. This API enables you to create, read, update, and delete WordPress content, such as posts, pages, and users, using a simple and standardized interface. However, in some cases, you may want to disable the JSON REST API for security or performance reasons. In this article, we will show you how to disable JSON REST API in WordPress.

Disable JSON REST API Using a Plugin

To disable the JSON REST API in WordPress, you can use the Disable REST API plugin. This plugin allows you to easily disable the JSON REST API for your entire WordPress website or for specific user roles. To use the plugin, first, install and activate it on your WordPress website. Then, go to the Settings > Disable REST API page in your WordPress dashboard and select the user roles that you want to disable the JSON REST API for.

Once you have selected the user roles, click on the “Save Changes” button to save your settings. The JSON REST API will now be disabled for the selected user roles, and they will not be able to access or manage WordPress data using the API.

Disable JSON REST API Using Code

Alternatively, you can also disable the JSON REST API in WordPress using PHP code in the functions.php file. To do this, open the functions.php file in your WordPress theme’s folder using a text editor and add the following code:

function disable_json_rest_api() {
    // Remove REST API info from head and headers
    remove_action("xmlrpc_rsd_apis", "rest_output_rsd");
    remove_action("wp_head", "rest_output_link_wp_head", 10);
    remove_action("template_redirect", "rest_output_link_header", 11);

    // Remove REST API endpoint
    remove_action("rest_api_init", "wp_oembed_register_route");
    remove_filter(
        "rest_pre_serve_request",
        "_oembed_rest_pre_serve_request",
        10
    );

    // Remove REST API version
    add_filter("json_enabled", "__return_false");
    add_filter("json_jsonp_enabled", "__return_false");

    // Remove REST API functionality from all endpoints
    foreach (
        get_post_types(["show_in_rest" => true], "objects")
        as $post_type
    ) {
        remove_action("rest_api_init", "wp_oembed_register_route");
        remove_filter(
            "rest_pre_serve_request",
            "_oembed_rest_pre_serve_request",
            10
        );
        $post_type->show_in_rest = false;
    }
}
add_action("after_setup_theme", "disable_json_rest_api");

Once you have added the code to the functions.php file, save the changes and upload it to your WordPress theme’s folder. The JSON REST API will now be disabled for your entire WordPress website, and users will not be able to access or manage WordPress data using the API.

In conclusion, disabling the JSON REST API in WordPress can be useful for security and performance reasons. By using the Disable REST API plugin or PHP code, you can easily disable the JSON REST API for your entire website or for specific user roles. This can help to protect your website from malicious attacks and improve its overall performance.