Black hole or REST API in WordPress

In this very short post, we present a way to hide the REST API endpoints that WordPress exposes publicly by default from nosy visitors who are not logged in.

To allow only logged-in users to view the endpoints generated by WP, add the following code:

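// Reject every REST API request from a visitor who is not logged in.
function mytheme_only_allow_logged_in_rest_access( $access ) {
   if ( ! is_user_logged_in() ) {
      return new WP_Error(
         'rest_cannot_access',
         __( 'Only authenticated users can access the REST API.', 'disable-json-api' ),
         // rest_authorization_required_code() gives 401 for anonymous visitors, 403 for logged-in users.
         array( 'status' => rest_authorization_required_code() )
      );
   }
   // Logged in: pass the incoming value through unchanged.
   return $access;
}
add_filter( 'rest_authentication_errors', 'mytheme_only_allow_logged_in_rest_access' );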

Version with administrator-only access

// Alternative to the function above (same name, so use one or the other).
// Only users with the manage_options capability (administrators by default) get through.
function mytheme_only_allow_logged_in_rest_access( $access ) {
   if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
      return new WP_Error(
         'rest_cannot_access',
         __( 'Only authenticated users can access the REST API.', 'disable-json-api' ),
         array( 'status' => rest_authorization_required_code() )
      );
   }
   return $access;
}
add_filter( 'rest_authentication_errors', 'mytheme_only_allow_logged_in_rest_access' );

Default endpoint list

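// Debugging aid: print the registered route paths and stop the request.
// Remove it again after reading the list.
add_filter( 'rest_endpoints', 'show_default_endpoints' );
function show_default_endpoints( $endpoints ) {
   var_export( array_keys( $endpoints ) );
   die;
}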

Removing only default endpoints

add_filter( 'rest_endpoints', 'remove_default_endpoints' );
function remove_default_endpoints( $endpoints ) {
   // Returning an empty array drops every route passed to this filter.
   return array();
}
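
A narrower variant of the removal filter above, as an added example that is not code from the original post: it drops only the routes under chosen namespace prefixes, and only for visitors who are not logged in. The function names and the prefix list (/wp/v2, /oembed/1.0) are assumptions; adjust them to the namespaces you want hidden.

```php
<?php
// Added example, not from the original post. Function names and the
// prefix list are hypothetical; the sample route table is constructed.

/**
 * Drop routes that belong to one of the given namespace prefixes; keep the rest.
 */
function mytheme_filter_routes_by_prefix( array $endpoints, array $prefixes ) {
    foreach ( array_keys( $endpoints ) as $route ) {
        foreach ( $prefixes as $prefix ) {
            // Match the namespace index ("/wp/v2") and anything below it
            // ("/wp/v2/users"), but not a lookalike such as "/wp/v2beta".
            if ( $route === $prefix || 0 === strpos( $route, $prefix . '/' ) ) {
                unset( $endpoints[ $route ] );
                break;
            }
        }
    }
    return $endpoints;
}

function mytheme_remove_core_endpoints( $endpoints ) {
    // Logged-in users keep the full route table.
    if ( is_user_logged_in() ) {
        return $endpoints;
    }
    return mytheme_filter_routes_by_prefix( $endpoints, array( '/wp/v2', '/oembed/1.0' ) );
}

if ( function_exists( 'add_filter' ) ) {
    // Inside WordPress: register the filter.
    add_filter( 'rest_endpoints', 'mytheme_remove_core_endpoints' );
} else {
    // Outside WordPress (php thisfile.php): run against a constructed route table.
    $sample = array(
        '/'                          => array(),
        '/wp/v2'                     => array(),
        '/wp/v2/users'               => array(),
        '/wp/v2/posts/(?P<id>[\d]+)' => array(),
        '/myplugin/v1/items'         => array(),
    );
    var_export( array_keys( mytheme_filter_routes_by_prefix( $sample, array( '/wp/v2' ) ) ) );
}
```

Routes registered by plugins under their own namespaces stay reachable with this filter, so review them separately.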

Adam Terepora

President

Mits sp. z o.o.

Professionally involved in programming since 2010. Certified PHP programmer, web solutions architect, IT consultant. Helps translate technical language into business language (and vice versa).