Hello, great question!
WordPress 4.4 only included the infrastructure part as part of the core, while the endpoints are only available in the plugin.
Checkout this post for more details about the REST API that’s included in WP 4.4:
https://make.wordpress.org/core/2015/10/28/rest-api-welcome-the-infrastructure-to-core/
Basically, I believe you will need the WP-API plugin installed to use the REST API to pull posts from your site. Since you’re not using the WP REST API – you should be fine*.
*Don’t quote me on that – you should test first if this is a major concern for you.
-
This reply was modified 6 years, 2 months ago by
Kevin Vess. Reason: added disclaimer
Also, Force Login wasn’t built as a “security” plugin but simply blocks the general public from viewing your website content by requiring visitors to login first.
And, the average visitor isn’t likely to write a custom API request to retrieve you site content.
However, if you’re particularly concerned about the security or accessibility of your site content via the new WP API, you can try adding the following code to your theme’s functions.php to disable it for your site:
add_filter('json_enabled', '__return_false');
add_filter('json_jsonp_enabled', '__return_false');
For more information about disabling the REST API in WordPress, checkout the following article:
http://www.wpbeginner.com/wp-tutorials/how-to-disable-json-rest-api-in-wordpress/
It looks like the Rest API Endpoints will make their way into WordPress 4.7:
https://core.trac.wordpress.org/ticket/38373
Hello,
Thanks for your reply,
I have disabled the rest API with this plugin (V1&V2):
https://de-ch.wordpress.org/plugins/disable-json-api/
With wordpress 4.6.1, I think I am still “safe” as I need the plugin for endpoints;
Not sure what will happen with 4.7… W8&see..
I have also founded this solution, but not tested for now (I prefer to w8 for 4.7 before doing something wrong…
https://gist.github.com/danielbachhuber/8f92af4c6a8db784771c
Regards,
Delta
