內容簡介
Disable WP REST API 外掛可完全禁用未登入使用者對 WordPress REST API 的訪問,保護網站資料不被未授權的訪客和機器人濫用,無需任何配置,輕量且高效。
【主要功能】
• 禁用未登入使用者的 REST/JSON 訪問
• 對所有使用者禁用 REST 標頭
• 對所有使用者禁用 REST 連結
• 100% 即插即用的解決方案
外掛標籤
開發者團隊
📦 歷史版本下載
原文外掛簡介
Does one thing: Completely disables the WordPress REST API for visitors who are not logged into WordPress. No configuration required.
Important: This plugin completely disables the WP REST API for visitors who are NOT logged in to WordPress. So not recommended if your site needs the WP REST API for any non-logged users.
👉 The fast, simple way to prevent abuse of your site’s REST/JSON API
👉 Protects your site’s REST data from all non-logged users and bots
👉 Uses only 4KB of code, so super lightweight, fast, and effective
🛠️ Pro version available! Check out REST Pro Tools »
Features
Disable REST/JSON for visitors (not logged in)
Disables REST header in HTTP response for all users
Disables REST links in HTML head for all users
100% plug-and-play, set-it-and-forget solution
How does it work?
This plugin completely disables the WP REST API unless the user is logged into WordPress.
For logged-in (authenticated) users, WP REST API works normally
For logged-out (unauthenticated) users, WP REST API is disabled
What happens if logged-out visitor makes a JSON/REST request? They will get only a simple message:
rest_login_required: REST API restricted to authenticated users.
This message may customized via the filter hook, disable_wp_rest_api_error. Check out this post for an example of how to do it.
Pro Version
🛠️ Check out the Pro version, REST Pro Tools, loaded with many awesome features:
One-click disable all routes
One-click disable all /users routes
Disable any specific user routes based on role
Whitelist any user IDs
Whitelist any IP addresses
Customize the REST error message
Customize the REST response code
Always require or force SSL/TLS
Disable all JSONP shenanigans
One-click disable any REST API headers
Add any post meta (custom field) to REST API
Add any user meta (custom field) to REST API
Add routes for site profile and author profile
Add routes for featured images and post categories
Add routes for post taxonomies and terms
At-a-glance check status of REST API
The free version does only one thing: disables REST API for unauthenticated users. The PRO version can do that and much more! Take full control of the REST API with REST Pro Tools »
Privacy
This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way. If anything it improves user privacy, as it protects potentially sensitive information from being displayed/accessed via REST API.
Disable WP REST API is developed and maintained by Jeff Starr, 15-year WordPress developer and book author.
Support development of this plugin
I develop and maintain this free plugin with love for the WordPress community. To show support, you can make a donation or purchase one of my books:
The Tao of WordPress
Digging into WordPress
.htaccess made easy
WordPress Themes In Depth
Wizard’s SQL Recipes for WordPress
And/or purchase one of my premium WordPress plugins:
BBQ Pro – Blazing fast WordPress firewall
Blackhole Pro – Automatically block bad bots
Banhammer Pro – Monitor traffic and ban the bad guys
GA Google Analytics Pro – Connect WordPress to Google Analytics
Head Meta Pro – Ultimate Meta Tags for WordPress
REST Pro Tools – Awesome tools for managing the WP REST API
Simple Ajax Chat Pro – Unlimited chat rooms
USP Pro – Unlimited front-end forms
Links, tweets and likes also appreciated. Thank you! 🙂
