The WordPress REST API allows developers to interact with your site remotely by sending and receiving JSON objects. While useful for integrations, it can also expose your site to performance issues or security risks. On ruachost.com, you can disable or restrict the REST API using a plugin or PHP code.
Why Disable the REST API?
-
Prevents unauthorized access to sensitive data.
-
Reduces server load by blocking unnecessary requests.
-
Protects against potential DDoS attacks.
-
Useful if you don’t use external apps or integrations.
Method 1: Using the Disable REST API Plugin (Recommended)
-
Log in to WordPress with an administrator account.
-
In the dashboard, go to Plugins → Add New.
-
Search for Disable REST API.
-
Click Install Now, then Activate.
-
Go to Settings → Disable REST API.
-
Select and whitelist endpoints you want to keep active.
-
Click Save Changes.
✅ The REST API is now disabled except for whitelisted endpoints.
Method 2: Using PHP Code in functions.php
If you prefer not to use a plugin:
-
In the dashboard, go to Appearance → Theme Editor.
-
Open the functions.php file of your active theme.
-
Add the following code snippet:
// Disable REST API for non-authenticated users add_filter('rest_authentication_errors', function($result) { if (!is_user_logged_in()) { return new WP_Error('rest_disabled', __('REST API restricted to authenticated users.'), array('status' => 401)); } return $result; }); -
Save changes.
✅ This restricts REST API access to logged‑in users only.
Important Notes
-
Disabling the REST API may break plugins or themes that rely on it.
-
Always test changes on a staging site before applying them to production.
-
Use whitelisting if you need specific endpoints (e.g., WooCommerce, Jetpack).
-
Back up your site before editing theme files.
