Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Disable WordPress REST API for users, there have not enough rights
<?php # -*- coding: utf-8 -*-
* Plugin Name: Disable REST API
// Completely disable wp-json access.
function () {
if (! current_user_can('edit_posts')) {
return new WP_Error('rest_cannot_access', 'Bye', ['status' => 403]);
// Remove actions added by wp-includes/default-filters.php.
remove_action('wp_head', 'rest_output_link_wp_head');
remove_action('wp_head', 'wp_oembed_add_discovery_links');
remove_action('template_redirect', 'rest_output_link_header');
// Disable also the XMLRPC endpoint, not necessary for the REST API.
add_filter('xmlrpc_enabled', '__return_false');
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.