Support » Plugin: Code Snippets » How should I execute this snippet to remove acess to the rest API?

  • As seen heree: https://neliosoftware.com/blog/protect-your-wordpress-by-hiding-the-rest-api/

    This is the snippet:

    
    
    add_filter( 'rest_authentication_errors', function( $result ) {
      if ( ! empty( $result ) ) {
        return $result;
      }
      if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_not_logged_in', 'You are not currently logged in.', array( 'status' => 401 ) );
      }
      if ( ! current_user_can( 'administrator' ) ) {
        return new WP_Error( 'rest_not_admin', 'You are not an administrator.', array( 'status' => 401 ) );
      }
      return $result;
    });

    Should I run it on both frontend and administrator ends?

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘How should I execute this snippet to remove acess to the rest API?’ is closed to new replies.