Why and How to Safely Disable The JSON REST API in WordPress 2017

With the release of the latest version of WorpPress, WordPress 4.4, the developers added the much anticipated JSON REST API. It is great for plugin developers, but many site owners may not find it useful at all. In this article, we will show you how to easily disable the JSON REST API in WordPress. The feature makes it possible to access your content through a JSON API, which is awesome for external services and clients. This snippet lets you disable this WordPress REST API if you for some reason don’t want to use it.

add_filter('json_enabled', '__return_false');
add_filter('json_jsonp_enabled', '__return_false');

One of the main reasons you should disable the JSON api is that it opens your website to a new front of DDoS attacks. It can be resource intensive and slow down your website. It is similar to disabling XML-RPC, which many site admins disable on their WordPress sites just to be on the safe side.

You can test if this code snippet worked by visiting https://dotlayer.com/wp-json page. Make sure you logout of WordPress admin area first or switch your browser to incognito mode. Don’t forget to replace with your own domain name. You will see this message, indicating that REST API requests are blocked.

Rate this post

Join over 20,000 users and get our best content

Each week we send 1 email to 20,000 smart entrepreneurs just like you. Enter your email below to join the crew.

Thank you for subscribing.

Something went wrong.

Leave a Comment