WordPress JSON REST API

Do you want to remove the WordPress JSON REST API to improve your website's security? Then you are in the right place. Today we will show you how to remove the JSON REST API from the WordPress header.

The JSON REST API has been enabled by default since WordPress version 4.4. It is very useful for WordPress developers, but for a normal user it is a security risk.

Note: If you don't have a WordPress site yet, you can follow our complete guide to make a WordPress website quickly.

What is JSON?

JSON (JavaScript Object Notation) is a lightweight data exchange format. It is easy for people to read and write, and easy for machines to parse and generate. JSON is based on the JavaScript programming language. It uses a text format that is completely independent of any programming language but follows conventions familiar from the C family of languages (including C, C++, C#, Java, JavaScript, Perl, Python, etc.). These characteristics make JSON an ideal data exchange language.

For more information about JSON, visit the official website: https://www.json.org

The WordPress REST API provides REST endpoints (URLs) representing the posts, pages, taxonomies, and other built-in WordPress data types. Your application can send and receive JSON data to these endpoints to query, modify and create content on your site.

API

As the abbreviation API in the name suggests, it adds the ability to connect to a resource using special settings. More precisely, an application can connect to WordPress and retrieve information from it through requests.

REST

REST is an API data transfer specification; in other words, REST is one variety of API. Its features are compression of transmitted data and built-in support for the HTTP and HTTPS internet protocols. Another feature is the processing of GET parameters.

How to Find JSON REST API in WordPress?

You may still not know where to find your website's JSON REST API.

It is very easy to see the JSON REST API on your website. Just use the following URL format.

https://www.yousite.com/wp-json

Don't forget to replace the site name with your own. The page will show the JSON data. The data may be displayed differently depending on the browser, but that is nothing to worry about.


Why You Should Remove JSON REST API in WordPress?

When someone visits https://www.yousite.com/wp-json or https://www.yoursite.com/wp-json/wp/v2/users on your site, they can see some information. This should be considered not only a security issue but also a privacy issue, because it exposes some important information. And it is not only your website: millions of WordPress websites expose the REST API.

Almost every website has the REST API exposed, and visiting /wp-json/wp/v2/users lets anyone easily find out which users are registered. This is a weak point of your site that a hacker can target. They can inject malware or a virus by taking advantage of it.

Some common reasons to hide the REST API:

  • It is not necessary for non-logged-in users
  • Disabling it can save server resources
  • Minimizes potential attack vectors
  • Prevents content scraping and plagiarism
  • Secure personal information

There are two ways to remove the WordPress JSON REST API, and we will show you both.

How to Disable JSON REST API

Disable Manually

Most WordPress developers recommend this method for small changes like this one. Using a plugin is the easiest way to do anything in WordPress, but for a small change a plugin is not a good choice, because every plugin adds more or less unnecessary code to your site and could slow it down. We have explained in detail how plugins slow down your website.

The manual method is a little difficult for new WordPress users, but it is the most effective way to hide the JSON REST API. All you have to do is add the code below to your active theme's functions.php.

It is not so difficult. You can go to cPanel > File Manager for your website, or you can use FTP, to find functions.php.

You can also open your website Dashboard and go to Appearance > Theme Editor, where you can find the functions file. But most WordPress themes do not allow you to edit the theme files directly.

Note: Before editing any core code, please back up your site. This will protect your site from any unexpected error.

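// Require a logged-in user for every REST API request.
add_filter( 'rest_authentication_errors', function( $result ) {
    // An earlier authentication check already produced a result (success or error): pass it through.
    if ( ! empty( $result ) ) {
        return $result;
    }
    // No result yet and the visitor is not logged in: answer with a 401 error.
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_not_logged_in', 'You_are_not_currently_logged_in.', array( 'status' => 401 ) );
    }
    // Logged-in users fall through and can use the API as normal.
    return $result;
});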

After adding this code, visit https://www.yousite.com/wp-json without being logged in. You will see that your JSON REST API has been disabled: the rest_not_logged_in error is shown instead of the JSON data.
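The manual check above can be scripted so it is easy to repeat after theme or plugin updates. The following is an added example, not code from the original article: the function names and the sample response bodies are constructed for illustration, and it assumes the functions.php filter shown above is the one in use.

```python
import json
import urllib.error
import urllib.request

# The two URLs the article tells you to visit.
PATHS = ("/wp-json", "/wp-json/wp/v2/users")


def classify(status, body, error_code="rest_not_logged_in"):
    """Classify one anonymous REST response as 'blocked', 'exposed' or 'unknown'."""
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return "unknown"  # HTML error page, empty body, ...
    # The functions.php filter answers with HTTP 401 and this WP_Error code.
    if status == 401 and isinstance(data, dict) and data.get("code") == error_code:
        return "blocked"
    if status == 200:
        # /wp-json returns an index object that lists every route.
        if isinstance(data, dict) and "routes" in data:
            return "exposed"
        # /wp-json/wp/v2/users returns a list of user objects.
        if isinstance(data, list) and any(isinstance(u, dict) and "slug" in u for u in data):
            return "exposed"
    return "unknown"


def check_site(base_url, timeout=10):
    """Request both paths from your own site without logging in; return path -> verdict."""
    results = {}
    for path in PATHS:
        url = base_url.rstrip("/") + path
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                status, body = resp.status, resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as err:  # urllib raises on 4xx, including the 401
            status, body = err.code, err.read().decode("utf-8", "replace")
        results[path] = classify(status, body)
    return results


# Constructed sample bodies (not captured from a real site).
SAMPLE_BLOCKED = ('{"code":"rest_not_logged_in",'
                  '"message":"You_are_not_currently_logged_in.","data":{"status":401}}')
SAMPLE_INDEX = '{"name":"Example Site","namespaces":["wp/v2"],"routes":{"/":{}}}'
SAMPLE_USERS = '[{"id":1,"name":"Example Author","slug":"example-author"}]'
```

Call check_site() with your own site's address; both paths should come back as "blocked" once the filter is active. An "unknown" verdict means the response was not the expected JSON and should be looked at by hand.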

Using a Plugin to Remove JSON REST API

There are many security plugins that provide an option to hide the REST API, such as Sucuri and Wordfence. But most of these plugins are not free; only the premium versions provide this feature.

There are some plugins that were created only to disable the REST API. You can consider these plugins:

  1. Disable WP REST API: We suggest using the Disable WP REST API plugin to hide the API. This plugin is super fast and lightweight, and it was created only to hide the REST API.
  2. Disable REST API: This is the most popular plugin to disable the REST API. It has more than 60,000 active installations, but the problem is that this plugin has not been tested with the latest WordPress version.
  3. WP REST API Controller: This one is also a popular plugin to hide the REST API.

Install the plugin from your website dashboard or upload the plugin directly. We have a guide to installing WordPress plugins that you can follow.

After installing and activating the plugin, you can find its options in the Settings menu.

Both the plugins and the code hide the REST API from non-logged-in users, who will be shown a message instead.

If you wish, you can edit the message shown to readers, but only in the manual method. The relevant part of the code is 'rest_not_logged_in', 'You_are_not_currently_logged_in.' and you can edit it as you wish. But don't change the format. For example, You_are_not_currently_logged_in. can be changed to REST_API_IS_disabled_for_this_site.
