Skip to content

Instantly share code, notes, and snippets.

@waqasy
Created December 21, 2018 09:55
Show Gist options
  • Save waqasy/d4a8aa50e5c9d215958192374a015d92 to your computer and use it in GitHub Desktop.
Save waqasy/d4a8aa50e5c9d215958192374a015d92 to your computer and use it in GitHub Desktop.
block wp-json
METHOD 1
ref: https://stackoverflow.com/a/41996977/1312563
Disabling REST API was not a bad idea, after all. It actually opened a huge hole in all websites!
In wordpress 4.4 there was a way
Here, I've found a possible solution with .htaccess but should be carefully tested in combination with whatever else is in your .htaccess file (e.g., pretty-url rules added by wordpress itself):
# WP REST API BLOCK JSON REQUESTS
# Block/Forbid Requests to: /wp-json/wp/
# WP REST API REQUEST METHODS: GET, POST, PUT, PATCH, DELETE
RewriteCond %{REQUEST_METHOD} ^(GET|POST|PUT|PATCH|DELETE) [NC]
RewriteCond %{REQUEST_URI} ^.*wp-json/wp/ [NC]
RewriteRule ^(.*)$ - [F]
A very drastic method, is also to have a 404.html webpage in your root and then add this line:
# WP REST API BLOCK JSON REQUESTS
# Redirect to a 404.html (you may want to add a 404 header!)
RewriteRule ^wp-json.*$ 404.html
Note that, unless you use a static page, i.e., not involved with wordpress functions, if you want to return a 404 error with an appropriate error page, this is a complete separate topic, with a lot of issues when Wordpress is involved
METHOD 2
RewriteRule ^wp-json(/.*|$) /404 [R=301,NC,L]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment