Created
December 21, 2018 09:55
-
-
Save waqasy/d4a8aa50e5c9d215958192374a015d92 to your computer and use it in GitHub Desktop.
block wp-json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| METHOD 1 | |
| ref: https://stackoverflow.com/a/41996977/1312563 | |
| Disabling REST API was not a bad idea, after all. It actually opened a huge hole in all websites! | |
| In wordpress 4.4 there was a way | |
| Here, I've found a possible solution with .htaccess but should be carefully tested in combination with whatever else is in your .htaccess file (e.g., pretty-url rules added by wordpress itself): | |
| # WP REST API BLOCK JSON REQUESTS | |
| # Block/Forbid Requests to: /wp-json/wp/ | |
| # WP REST API REQUEST METHODS: GET, POST, PUT, PATCH, DELETE | |
| RewriteCond %{REQUEST_METHOD} ^(GET|POST|PUT|PATCH|DELETE) [NC] | |
| RewriteCond %{REQUEST_URI} ^.*wp-json/wp/ [NC] | |
| RewriteRule ^(.*)$ - [F] | |
| A very drastic method, is also to have a 404.html webpage in your root and then add this line: | |
| # WP REST API BLOCK JSON REQUESTS | |
| # Redirect to a 404.html (you may want to add a 404 header!) | |
| RewriteRule ^wp-json.*$ 404.html | |
| Note that, unless you use a static page, i.e., not involved with wordpress functions, if you want to return a 404 error with an appropriate error page, this is a complete separate topic, with a lot of issues when Wordpress is involved | |
| METHOD 2 | |
| RewriteRule ^wp-json(/.*|$) /404 [R=301,NC,L] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment