Create a gist now

Instantly share code, notes, and snippets.

Remove the WP REST API JSON Endpoints for everyone except Administrators
<?php
/*
* Only allow Admin users to view WP REST API JSON Endpoints
*/
function mytheme_only_allow_logged_in_rest_access( $access ) {
if( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
return new WP_Error( 'rest_cannot_access', __( 'Only authenticated users can access the REST API.', 'disable-json-api' ), array( 'status' => rest_authorization_required_code() ) );
}
return $access;
}
add_filter( 'rest_authentication_errors', 'mytheme_only_allow_logged_in_rest_access' );
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment