Security Module

Disable REST API

Disable REST API restricts WordPress REST API access for non-authenticated users while keeping it functional for logged-in users and admin operations. The REST API exposes data endpoints that some sites do not need publicly accessible. This module blocks unauthenticated API requests, preventing data enumeration and reducing attack surface. Authenticated users and admin operations that require the API continue to work normally.

rest-api security disable endpoints access

Disable REST API Part of 165+ modules $349 $249

Get Lifetime Access

Key Features

Disable REST API completely
Restrict to authenticated users
Better security

Why Use This Module?

  • Block public API access to site data
  • Prevent user enumeration through API
  • Reduce potential attack surface
  • Keep API functional for admin operations
  • Logged-in users retain full API access

Real-World Use Cases

Prevent Data Scraping

Block public REST API access to prevent bots from harvesting all your posts, users, and content data via /wp-json endpoints.

Reduce Attack Surface

Disable REST API for non-logged-in users to eliminate potential vulnerability exploitation vectors.

Membership Site Protection

Prevent unauthorized access to member content or user data exposed through REST API endpoints.

How to Use

Choose to disable REST API completely or restrict it to authenticated users only in module settings.

Benefits & Impact

Time Savings

Automates manual tasks and streamlines your workflow

Performance Boost

Enhances site security and protection

Better UX

Provides a better user experience

Easy Maintenance

Simple setup with minimal ongoing maintenance

Frequently Asked Questions

Will the block editor still work?

Yes, the block editor uses REST API but as an authenticated user. This only blocks unauthenticated public requests.

Does this affect contact forms or plugins?

Most plugins that need the API work through authenticated requests. Test your specific plugins to ensure compatibility.

Can I whitelist specific endpoints?

This module provides blanket restriction. For granular endpoint control, you would need custom code or a dedicated API management plugin.

What Users Are Saying

"No reason for public API access. Blocked it and sleep better at night."

— Security Focused Site

"The API was exposing user information publicly. Restricting it fixed that."

— Privacy Concerned

"I do not use any apps that need the API. Just an unnecessary open door."

— Simple Blog

Related Modules

SECURITY

Activity Log

Track and log user activities including logins, logouts, post modifications, plugin activations, theme changes, and settings updates for security auditing

activity log audit +2
Learn More →
SECURITY

Disable All Updates

Disable automatic WordPress, plugin, and theme updates completely for production sites where manual update control is required for stability

updates disable maintenance +2
Learn More →
SECURITY

Disable Application Passwords

Disable WordPress application passwords feature to prevent REST API authentication and improve security by removing this authentication method

passwords security disable +2
Learn More →
WPSwitchboard

165+ Modules.
One Plugin. Done.

Security, admin tools, performance, SEO, and more. All in one place.

Get Lifetime Access - $349 $249
Core Modules
165+
Admin Tools, Security, Optimization, and more
Enhance your WordPress admin experience
Admin Tools
Dashboard Enhancements
Customize admin interface
Security & Performance
Optimization Modules
Secure & optimize your site