I want to hide the definition of endpoints in a WordPress rest api... in the case of https://www.wpwhitesecurity.com/wp-json I want to return a 404 or an empty array, but not the list of endpoints of the site.
Some idea?
Thanks!
2 Answers
3
votes
From version 4.4.0 exists the hook rest_index, the documentation in https://developer.wordpress.org/reference/hooks/rest_index/ describes :
This contains the data describing the API. This includes information about supported authentication schemes, supported namespaces, routes available on the API, and a small amount of data about the site.
The next code is working perfectly as I needed :
function my_site_rest_index( $response ){
return array();
}
add_filter('rest_index', 'my_site_rest_index');
2
votes
function chuck_disable_rest_endpoints( $access ) {
if( ! is_user_logged_in() ) {
return new WP_Error( 'rest_cannot_access', __( 'Only logged users are able to call REST API.', 'disable-json-api' ), array( 'status' => rest_authorization_required_code() ) );
}return $access;
}
add_filter( 'rest_authentication_errors', 'chuck_disable_rest_endpoints' );
This will return that only logged users can access to API
