Support » Fixing WordPress » Should I diable WordPress Rest API

  • Resolved prantikv

    (@prantikv)


    Hey there guys,

    I have my blog self hosted running WordPress and I Do NOT need the Wp-Rest API.

    But as it turns out disabling it is causing to Contact Form 7 To not work. Contact form 7 simply shows the spinning circle infinitely.

    As I read on wpbeginner ([link here][1]) that disabling will boost security.

    So my question is if I leave it enabled, which I intend to do. What safety precautions should I take?

    Thanks

    [1]: http://www.wpbeginner.com/wp-tutorials/how-to-disable-json-rest-api-in-wordpress/

Viewing 3 replies - 1 through 3 (of 3 total)
  • You can find lots of opinions on both sides of this question. The community of good people who develop/maintain WP obviously believe the REST API should be enabled, since version 4.7 merged it into the WP core and removed the filter which was formerly used to disable it. Some security experts recommend disabling it unless needed. There was a huge security issue, fixed in 4.7.2. Vague concerns about possible ddos attacks seem to remain. I personally disable it, but with the expectation that as more plugins make use of it I will at some point have to turn it on.

    Yes. Rest API is the future and will be, if not already, an irreplaceable part of WP. There is no escape from it.

    Without an answer from the developer on why Contact7 needs REST, my clients will be forced to look for alternative form plugins. See all the other posts regarding this topic (with no answer), the lack of documentation regarding the CHANGE to require REST, any reasonable workarounds, the long list of real and potential security risks in opening the REST API to general access, and the lack of any response from the developer.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Should I diable WordPress Rest API’ is closed to new replies.