search

dmchale / disable-json-api

Public repo for the "Disable REST API" WordPress plugin, currently with 90,000+ active installs in the wordpress.org repository
10 stars 9 forks source link
hacktoberfest hacktoberfest2023 rest-api wordpress wordpress-plugin

readme

Disable REST API

Code Climate Codacy Badge

This is the public repository for the latest DEVELOPMENT copy of the plugin. There is absolutely no guarantee, express or implied, that the code you find here is a stable build. For official releases, please see the WordPress repository at https://wordpress.org/plugins/disable-json-api/

Disable the use of the REST API on your website to unauthenticated users, with the freedom to enable individual routes as desired. Manage route access for logged-in users based on their User Role.

Installation

  1. Install to WordPress plugins as normal and activate.

    Usage

  2. Basic usage of the plugin requires no configuration.
  3. Optionally, you may use the Settings page to whitelist individual routes inside the REST API based on User Role (Unauthenticated Users as well as any logged-in user)

    History

  4. Initial versions of this plugin simply used the existing filters of the REST API to disable it entirely.
  5. As of WordPress 4.7 and version 1.3 of this plugin, the plugin would forcibly throw an authentication error for unauthenticated users.
  6. In version 1.4 we introduced the Settings screen and allow site admins to whitelist routes they wish to allow for unauthenticated users.
  7. In version 1.5 we added minimum requirements checks for WordPress and PHP. Fixed minor bug to prevent unintended empty routes. Minor text & text-domain updates.
  8. In version 1.6 we added support for per-role rules and did a number of other housekeeping updates in the code.
  9. In version 1.7 we changed how we cache-bust static file enqueues, and repaired a logic bug in the role-based default_allow checks.
  10. In version 1.8 we provided a new filter so devs can customize the error message sent back if you fail the authentication check; updated minimum requirements to PHP 5.6 (up from 5.3) and WordPress 4.9 (up from WP 4.4); patched a Fatal Error when activating plugin on installations running LearnDash.

    Credits

    Authored by Dave McHale. Contributed to by Tang Rufus.

    License

    As with all WordPress projects, this plugin is released under the GPL