WordPress 4.4 added the much anticipated JSON REST API. It is great for plugin developers, but many site owners may not find it useful at all. In this article, we will show you how to easily disable the JSON REST API in WordPress.
Why You Need to Disable JSON REST API in WordPress?
There is no denying that the API will bring lots of benefits for WordPress developers. However, some website owners may not be using those features at all. The API makes it super easy to retrieve data using GET requests. This is extremely useful for those building apps with WordPress.
Having that said, this could potentially open your website to a new front of DDoS attacks. It can be resource intensive and slow down your website.
It is similar to disabling XML-RPC, which many site admins disable on their WordPress sites just to be on the safe side.
Disabling JSON REST API in WordPress
add_filter('json_enabled', '__return_false'); add_filter('json_jsonp_enabled', '__return_false');
This code simply uses the built-in filters to disable the JSON and JSONP APIs.
For those of you who don’t want to manually add the code, you can install and activate the Disable JSON API plugin. The plugin works out of the box, and there are no settings for you to configure. Simply activating the plugin will disable the API on your site.
We hope this article helped you learn how to Disable JSON API in WordPress. Security conscious users may also want to checkout these tips on protecting WordPress admin area.