Thanks for this plugin Niels.
We noticed that the list of authors disappeared from sidebar for the post/page properties.
WordPress itself seems to make a request to the REST API /users endpoint, and is blocked.
Also we've found some plugins use this in the back-end which result in a JavaScript error.
Initially we thought it would be sufficient to guard the execution with if ( ! is_admin() ) { … } but this does not work because is_adminalways seem to be true for AJAX requests (see: https://codex.wordpress.org/AJAX_in_Plugins)
Any thoughts on this? What would be the best way to block REST API requests only from the front-end or outside of the admin?
Thanks for this plugin Niels. We noticed that the list of authors disappeared from sidebar for the post/page properties. WordPress itself seems to make a request to the REST API
/usersendpoint, and is blocked.Also we've found some plugins use this in the back-end which result in a JavaScript error.
Initially we thought it would be sufficient to guard the execution with
if ( ! is_admin() ) { … }but this does not work becauseis_adminalways seem to betruefor AJAX requests (see: https://codex.wordpress.org/AJAX_in_Plugins)Any thoughts on this? What would be the best way to block REST API requests only from the front-end or outside of the admin?