Disable REST API

Disable REST API

Disable the use of the REST API on your website to site users. Now with User Role support!
Rating:
4.8
star-rating-1star-rating-2star-rating-3star-rating-4star-rating-5
Active Installations:
90000+
Last Updated:
Sep 14, 2023
WordPress Version:
4.9 or higher
Tested up to:
6.3.5

Complete API Control

Protect your WordPress REST API with the most comprehensive plugin available. Easily grant or restrict access to specific endpoints or branches.

Effortless Installation

Simply upload and activate the plugin, and your REST API will be inaccessible to general site visitors. No complicated setup required.

Customized Access Rules

Tailor access rules for different user roles. Set specific permissions for unauthenticated users, WooCommerce customers, subscribers, editors, and admins.

Legacy Support Included

Enjoy authentication error protection for most WordPress versions. For older versions, use the provided filter to disable the entire REST API.

1.8

  • Tested up to WP v6.3
  • Added dra_error_message filter so devs can customize the access error message
  • Fixed bug that caused fatal errors if activating plugin on installations running the LearnPress plugin
  • Changed minimum requirements to PHP 5.6 (up from 5.3) and WordPress 4.9 (up from 4.4). Adding docblock comments to support minimums.

1.7

  • Tested up to WP v5.8
  • Replace use of filemtime() with plugin version number for static file enqueues. Props @tangrufus for bringing this up!
  • Fixed logic bug for role-based default_allow rules. Props @msp1974 for the report!
  • Few small code-style updates

1.6

  • Tested up to WP v5.6
  • Added support for managing endpoint access on a per-user-role basis
  • Soooooooo many small changes behind the scenes to support the above

1.5.1

  • Tested up to WP v5.5

1.5

  • Tested up to WP v5.3
  • Added enforcement for WordPress and PHP minimum version requirements
  • Fixed minor bug to prevent unintended empty routes
  • Minor text updates and adding textdomain to translation functions that didn’t have them

1.4.3

  • Added load_plugin_textdomain() for i18n

1.4.2

  • Fixed issue causing unintentional unlocking of endpoints when another WP_Error existed before this plugin did its job

1.4.1

  • Fixed echo of text URL to primary Plugins page in WP Dashboard

1.4

  • Tested for WP v4.8
  • Tested for PHP 5.3+
  • Added settings screen
  • Site Admins may now whitelist routes that they wish to allow unauthenticated access to
  • Added dra_allow_rest_api filter to the is_logged_in() check, so developers can get more granular with permissions
  • Props to @tangrufus for all of the help that went into this release

1.3

  • Tested for WP v4.7
  • Adding new functionality to raise authentication errors in 4.7+ for non-logged-in users

1.2

  • Tested for WP v4.5
  • Removal of actions which publish REST info to the head and header

1.1

  • Updated to support the new filters created in the 2.0 beta API

1.0

  • Initial Release

Excellent

By graphicvision1 on August 19, 2024

What else can I say, this plugin does exactly what its supposed to do. It's easy to understand and works perfectly. So well done!

Fantastic

By Maarten (maartenbelmans) on December 29, 2023

The plugin does what it says on the tin, without being pretentious. Absolutely fantastic!

One of the must have plugins.

By ucsendre on September 14, 2023

I always start my WordPress installations with this plugin (among a few other ones).

A must have on all sites.

Thank you.

Still works on WP 6.2

By mw815371 on April 3, 2023

The plugin still works for me on WordPress 6.2. It's great to have the option to allow API access where I need it and block everything else.

Just what I was looking for

By Ronny Adsetts (ronnyadsetts) on January 26, 2023

Allows locking the WP API behind auth and selectively allowing it where needed. Despite the lack of plugin updates, the author does have an active github repo so don't let that put you off.

Excellent solution

By Ben Sibley (BenSibley) on January 20, 2023

Blocking the REST API entirely breaks plugins that require this functionality, so being able to selectively enable routes is perfect.

I recommend this plugin to everyone who uses Independent Analytics to secure their site while still enabling analytics to be recorded.

Sorry to end this, but updates ...

By Hendrik57 on April 25, 2024

This is a very good plugin with the options, and it could still work now, but we can not verify compliance. Please update. And do not forget to update the .txt file that shows tested Wordpress.

Broke my site - but seems good idea

By richardjwallace on December 27, 2022

I installed this but following install I couldn't view any webpages.

The main page give exception

Notice: Trying to get property 'name' of non-object in /home/customer/www/XXXXXX/public_html/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php on line 60

I prompted renamed plugin folder using FTP in the folder wp-contentpluginsdisable-json-api.disable so I could login then deleted it

Good idea but didn't work for my site

Great work. Easy to use.

By tools400 on October 23, 2022

The title says all. It's a great plug-in and easy to use. Thanks!

Just works!

By druut (emkemk) on May 25, 2022

Great way to disable specific REST API endpoints. Simply a great plugin
Try other plugins too!

Admin Dashboard Last Edits

Easy and lightweight solution for showing the last edited posts and pages on the admin dashboard.

Try Demo

Admin Post Navigation

Adds links to navigate to the next and previous posts when editing a post in the WordPress admin.

Try Demo

SEO Friendly Images

SEO Friendly Images automatically adds alt and title attributes to all your images improving traffic from search engines.

Try Demo
Screenshots

Try Disable REST API With InstaWP

Request demo

Wondering how to integrate InstaWP with your current workflow? Ask us for a demo.

Contact Sales

Reach out to us to explore how InstaWP can benefit your business.