Why and How to Safely Disable The JSON REST API in WordPress 2017

With the release of the latest version of WorpPress, WordPress 4.4, the developers added the much anticipated JSON REST API. It is great for plugin developers, but many site owners may not find it useful at all. In this article, we will show you how to easily disable the JSON REST API in WordPress. The feature makes it possible to access your content through a JSON API, which is awesome for external services and clients. This snippet lets you disable this WordPress REST API if you for some reason don’t want to use it.

add_filter('json_enabled', '__return_false');
add_filter('json_jsonp_enabled', '__return_false');

One of the main reasons you should disable the JSON api is that it opens your website to a new front of DDoS attacks. It can be resource intensive and slow down your website. It is similar to disabling XML-RPC, which many site admins disable on their WordPress sites just to be on the safe side.

You can test if this code snippet worked by visiting https://dotlayer.com/wp-json page. Make sure you logout of WordPress admin area first or switch your browser to incognito mode. Don’t forget to replace with your own domain name. You will see this message, indicating that REST API requests are blocked.