Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Control WordPress REST API Access
Plugin Name: WP REST API Access
Plugin URI:
Description: Control WordPress REST API Access
Version: 1.0.0
Author: Naomi C. Bush
Author URI:
* Why?
* "only authors (users with published, publicly-available posts) are available when listing, and only information
* that’s already public is shown.
* In particular, things like ID, username, display names, avatar URLs are all publicly-available via theme templates
* and feeds. We took specific care when designing the API to only expose what was already there."
//Note that the use of an anonymous function only works on PHP7+
add_filter( 'rest_authentication_errors', function ( $result ) {
if ( ! empty( $result ) ) {
return $result;
if ( ! is_user_logged_in() && ! current_user_can( 'administrator' ) ) {
return new WP_Error( 'rest_disabled', 'The REST API is unavailable.', array( 'status' => 401 ) );
return $result;
} );
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment