Este plugin no se ha probado con las últimas 3 versiones mayores de WordPress. Puede que ya no tenga soporte ni lo mantenga nadie, o puede que tenga problemas de compatibilidad cuando se usa con las versiones más recientes de WordPress.

Disable REST API

Descripción

** Version 1.4 now supports whitelisting of individual routes within the REST API **

The engine for the API has existed in WordPress since v4.4, but additional functionality and endpoints are a
continual project. While this is very exciting news for many reasons – and many plugins, themes, and even pieces of
WordPress core are already beginning to use the REST API – it is also not functionality that every site admin is going
to want enabled on their website if not necessary.

As of WordPress 4.7, the filters provided for disabling the REST API were removed. To compensate, this plugin will
forcibly return an authentication error to any API requests from sources who are not logged into your website, which
will effectively still prevent unauthorized requests from using the REST API to get information from your website.

For WordPress versions 4.4, 4.5 and 4.6, this plugin makes use of the rest_enabled filter provided by the API to
disable the API functionality. However, it is strongly recommended that all site owners run the most recent version
of WordPress except where absolutely necessary.

Capturas

  • The JSON returned by a website with the API disabled via filters (WP versions 4.4, 4.5, 4.6)
  • The JSON returned by a website with the API disabled via authentication methods (WP versions 4.7+)

Instalación

  1. Upload the disable-json-api directory to the /wp-content/plugins/ directory via FTP
  2. Alternatively, upload the disable-json-api_v#.#.zip file to the ‘Plugins->Add New’ page in your WordPress admin
    area
  3. Activa el plugin desde el menú ‘Plugins’ de WordPress

Preguntas frecuentes

Installation Instructions
  1. Upload the disable-json-api directory to the /wp-content/plugins/ directory via FTP
  2. Alternatively, upload the disable-json-api_v#.#.zip file to the ‘Plugins->Add New’ page in your WordPress admin
    area
  3. Activa el plugin desde el menú ‘Plugins’ de WordPress
How do I know if this plugin is working?

While logged into WordPress as any user, the REST API will function as intended. Because of this, you must use a new
browser – or Chrome’s incognito mode – to test your website with a clean session. Go to yourdomain.com/wp-json/ (or
yourdomain.com/?rest_route=/ if you have pretty permalinks disabled) while NOT LOGGED IN to test the results. You will
see an authentication error returned if the plugin is active. «DRA: Only authenticated users can access the REST API.»

Does this plugin disable all REST API’s installed?

This plugin is ONLY meant to disable endpoints accessible via the default REST API that is part of WordPress itself. If
a plugin or theme chooses to register its namespace with the core REST API, its endpoints will – by default – by
disabled so long as this plugin is active. Namespaces and routes may be whitelisted via this plugin’s Settings page.

Reseñas

5 de marzo, 2017
Does exactly what I want it to do. It disables the REST API completely for non-authenticated users.
17 de febrero, 2017
Thanks for creating this plugin. It was a pleasure to acquire and install. Let's hope the rest API evolves more safely in the upcoming releases.
14 de febrero, 2017
Since the disable REST filter was so wisely disabled *sarcasm*, this plugin is a necessary tool. It's unconscionable to provide a whole new huge attack surface with the REST API, provide a filter to disable it and then suddenly remove that filter. WTF. Millions of WP sites running 4.7 and 4.7.1 are now defaced because of hubris by the core developers. Years of work to improve WordPress's reputation for insecurity undone by one irresponsible decision.
Leer todas las 17 reseñas

Colaboradores y desarrolladores

“Disable REST API” es un software de código abierto. Las siguientes personas han colaborado con este plugin.

Colaboradores

“Disable REST API” ha sido traducido a 6 idiomas locales. Gracias a los traductores por sus contribuciones.

Traduce “Disable REST API” a tu idioma.

¿Interesado en el desarrollo?

Revisa el código , echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.

Registro de cambios

1.4.3

  • Added load_plugin_textdomain() for i18n

1.4.2

  • Fixed issue causing unintentional unlocking of endpoints when another WP_Error existed before this plugin did its job

1.4.1

  • Fixed echo of text URL to primary Plugins page in WP Dashboard

1.4

  • Tested for WP v4.8
  • Tested for PHP 5.3+
  • Added settings screen
  • Site Admins may now whitelist routes that they wish to allow unauthenticated access to
  • Added dra_allow_rest_api filter to the is_logged_in() check, so developers can get more granular with permissions
  • Props to @tangrufus for all of the help that went into this release

1.3

  • Tested for WP v4.7
  • Adding new functionality to raise authentication errors in 4.7+ for non-logged-in users

1.2

  • Tested for WP v4.5
  • Removal of actions which publish REST info to the head and header

1.1

  • Updated to support the new filters created in the 2.0 beta API

1.0

  • Lanzamiento inicial