Build Safer WordPress Sites: Disable REST API Access for Guests

Learn how to disable the REST API in your WordPress site for logged-out users.


By default, the WordPress REST API exposes data publicly, even to logged-out users. This can be a security concern if you want to protect sensitive information.

To fix this, you can disable REST API access for guests using a simple snippet. Logged-out users will be blocked, while logged-in users will still have full access to the API.

Below is the code snippet from the video used to disable the REST API:

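// Callback for the rest_authentication_errors filter.
// $access is the result passed along by earlier authentication checks.
function disable_rest_api_for_guests($access) {
    // Guests (no logged-in WordPress user) are rejected with HTTP 403.
    if(!is_user_logged_in()) {
        return new WP_Error(
            'rest_disabled',
            __('The REST API is disabled for guests.'),
            array('status' => 403)
        );
    }

    // Logged-in users: hand the earlier result back unchanged.
    return $access;
}

// Run the check on every REST API request.
add_filter('rest_authentication_errors','disable_rest_api_for_guests');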
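
To confirm the snippet is active, the check below requests a few REST routes as a guest and reports whether each one is rejected with the snippet's rest_disabled error. It is an added example, not code from the original page or from WPCodeBox; the function names are made up for illustration, the site URL is whatever you pass as the first argument, and the routes assume the default WordPress core paths.

```shell
#!/bin/sh
# Added example (not from the original page): confirm guests are rejected.

# classify STATUS BODY -> prints blocked | exposed | inconclusive
classify() {
    case "$1" in
        403)
            # The snippet's WP_Error is serialized as JSON with this code.
            if printf '%s' "$2" | grep -Eq '"code"[[:space:]]*:[[:space:]]*"rest_disabled"'; then
                echo blocked
            else
                echo inconclusive   # a 403 from something else (WAF, server rule)
            fi ;;
        200) echo exposed ;;        # the guest request was served
        *)   echo inconclusive ;;   # redirect, 404, 5xx: check by hand
    esac
}

# probe SITE -> one line per route; non-zero exit unless every route is blocked.
probe() {
    site=${1%/}; rc=0
    tmp=$(mktemp) || return 2
    for route in '/wp-json/' '/wp-json/wp/v2/users' '/wp-json/wp/v2/posts' '/?rest_route=/wp/v2/users'; do
        # No cookies or credentials are sent, so the request arrives as a guest.
        if status=$(curl -sS -m 10 -o "$tmp" -w '%{http_code}' "$site$route"); then
            verdict=$(classify "$status" "$(cat "$tmp")")
        else
            status=000; verdict=inconclusive
        fi
        printf '%-13s %s %s\n' "$verdict" "$status" "$route"
        [ "$verdict" = blocked ] || rc=1
    done
    rm -f "$tmp"
    return "$rc"
}

# Only touch the network when a site URL is passed as the first argument.
if [ -n "${1:-}" ]; then probe "$1"; fi
```

Run it against your own site from a shell with no WordPress cookies; the ?rest_route= entry checks that the block also applies when pretty permalinks are bypassed.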
