이 플러그인은 최근 3개의 주요 워드프레스 출시와 시험 되지 않았습니다. 워드프레스의 좀 더 최근 버전으로 이용할 때 더 이상 관리되지 않고 지원되지 않고 호환성 문제가 있을 수 있습니다.

다운로드

Disable REST API for Real

작성자: Samuel Aguilera

설명

The WordPress REST API is a great resource, but if you don’t want to use it probably you will want to close this door to your WordPress.

Unlike other popular plugins that aims to disable the REST API but only return an error, processed by the REST API, when a request is received, by default, this plugin removes all filters and actions related to WordPress REST API, and returns a 404 error for requests sent to the REST API URL endpoints, effectively blocking any use of the REST API.

Optionally you can set the REST API setting in Settings -> General page to “Logged In Only” for a less drastical action, to keep REST API access enabled but require the user to be logged in to accept the requests.

If you’re happy with the plugin please don’t forget to give it a good rating, it will motivate me to keep sharing and improving this plugin (and others).

SUPPORT: If you have any support question, please create an issue at the Github repository.

Requirements

  • WordPress 4.7 or higher.

Features

  • Disable WordPress core REST API for real by removing all filters and actions related to it and returning a 404 error for requests sent to REST API URL endpoints (e.g. https://example.com/wp-json/whatever ).
  • Option to require user to be logged in to use the REST API instead of completely disable it.

Usage

To disable the REST API completely simply install the plugin from the Plugins page and enable it.

If you don’t want to disable the REST API but require user to be logged in instead, go to Settings -> General page and set the REST API to option to “Logged In Only”, and click Save Changes.

You can change the option back to “Off” if you want to disable the REST API again.

To return to WordPress default, simply deactivate the plugin.

스크린샷

  • REST API option in Settings -> General page.
  • Jetpack's settings page confirming REST API is disabled.

FAQ

How can I test if the plugin is working?

Use your browser to go to http://example.com/wp-json (replace example.com with your site domain). Your site will return a 404 error.

You can also check any regular page of your site to confirm the link to the REST API URL was removed from the HTTP header and from the HTML header.

If you have set the plugin to “Logged In Only”, no changes are made to the page headers, but you will receive the following response if you try the REST API without being logged in:

{"code":"rest_not_logged_in","message":"External REST API requests not allowed for this site.","data":{"status":401}}

후기

works perfectly

2016년 9월 20일
Much easier than editing functions.php. This removed the "Link" HTTP header entirely. Perfect!

Simple to disable REST API

2016년 9월 3일
Thank you for this plug-in, glad I don't have to dig around in WordPress code to disable the API functionality. I don't use it and don't want another door for potential exploits.
모든 3 평가 읽기

기여자 & 개발자

“Disable REST API for Real”(은)는 오픈 소스 소프트웨어입니다. 다음의 사람들이 이 플러그인에 기여하였습니다.

기여자

“Disable REST API for Real”(이)가 2(으)로 번역되었습니다. 기여해 주셔서 번역자님께 감사드립니다.

자국어로 “Disable REST API for Real”(을)를 번역하세요.

개발에 관심이 있으십니까?

코드 탐색하기는, SVN 저장소를 확인하시거나, 개발 기록RSS로 구독하세요.

변경이력

2.1.1

  • Fixed typo. Thanks to Mike D for reporting it.

2.1

  • Minor changes to make code 100% WordPress Coding Standards compliant.

2.0

  • Added option in Settings -> General page to choose between completely disable the REST API (default), or “Logged In Only” to keep REST API access enabled but require the user to be logged in to accept the requests.
  • Removed support for WordPress 4.6.1 and older.

1.0

  • Initial release.

기초

평점

모두 보기
평가를 제출하기 위해 로그인합니다.

지원

할 말 있으신가요? 도움이 필요하신가요?

지원 포럼 보기