Wordpress

Black hole. REST API and WORDPRESS

To allow only logged in users to view WP endpoints, add the following code:

function mytheme_only_allow_logged_in_rest_access( $access ) {
	if( ! is_user_logged_in() ) {
		return new WP_Error(
                    'rest_cannot_access', 
                    __( 'Only authenticated users can access the REST API.', 'disable-json-api' ), 
                    array( 
                        'status' => rest_authorization_required_code() 
                    ) 
                 );
	}
	return $access;
}
add_filter( 'rest_authentication_errors', 'mytheme_only_allow_logged_in_rest_access' );

Admins version

function mytheme_only_allow_logged_in_rest_access( $access ) {
	if( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
		return new WP_Error( 'rest_cannot_access', __( 'Only authenticated users can access the REST API.', 'disable-json-api' ), array( 'status' => rest_authorization_required_code() ) );
	}
	return $access;
}
add_filter( 'rest_authentication_errors', 'mytheme_only_allow_logged_in_rest_access' );

Default endpoints list

add_filter( 'rest_endpoints', 'show_default_endpoints' );
  
function show_default_endpoints( $endpoints ) {
  var_export( array_keys( $endpoints ) );
  die;
}

Removing access only for default endpoints.

add_filter( 'rest_endpoints', 'remove_default_endpoints' );
  
function remove_default_endpoints( $endpoints ) {
  return array( );
}

Share

PREV POST Mits w gronie najlepszych polskich firm w kategorii WebDesign
NEXT POST Correct messages during incorrect login in your website

Let's talk

We can help to make your idea come true, just drop us a line. If you want to join our team don’t wait. We are always looking for a talents!

PREV POST Mits w gronie najlepszych polskich firm w kategorii WebDesign
NEXT POST Correct messages during incorrect login in your website
Website development Lublin

Something went wrong

Probably Charles broke something.
Please try again. Sorry!