Last active
April 30, 2020 04:22
-
-
Save bueltge/2a084907ae029ce5fbba9098627fd5d3 to your computer and use it in GitHub Desktop.
Disable WordPress REST API for users, there have not enough rights
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php # -*- coding: utf-8 -*- | |
| declare(strict_types=1); | |
| /** | |
| * Plugin Name: Disable REST API | |
| */ | |
| // Completely disable wp-json access. | |
| add_filter( | |
| 'rest_authentication_errors', | |
| function () { | |
| if (! current_user_can('edit_posts')) { | |
| return new WP_Error('rest_cannot_access', 'Bye', ['status' => 403]); | |
| } | |
| } | |
| ); | |
| // Remove actions added by wp-includes/default-filters.php. | |
| remove_action('wp_head', 'rest_output_link_wp_head'); | |
| remove_action('wp_head', 'wp_oembed_add_discovery_links'); | |
| remove_action('template_redirect', 'rest_output_link_header'); | |
| // Disable also the XMLRPC endpoint, not necessary for the REST API. | |
| add_filter('xmlrpc_enabled', '__return_false'); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment