Support » Plugin: Disable WP REST API » Must Have for private Blog

  • cuthbert1337

    (@cuthbert1337)


    I just recently learnt about REST API in WP. I already used “My Private Site”-Plugin which restricts access to content to logged in users. But this works only for the web frontend. Via default enabled REST API still everyone is capable to read all posts! This I unfortunately did not know until I heard about in a tech podcast.

    What I also like about this plugin at least in the current version it does not simply turn off REST API it just restricts access to logged in Users. So, if your logged in (e.g., via application password) you can still access the API. This is excellent!

    I just wished “My Private Site”-Plugin would also have thought about WP’s REST API. Everyone using this plugin in my opinion will also be interested in not still granting access to content for everyone via REST.

  • You must be logged in to reply to this review.