Disable the use of the REST API on your website to site users. Now with User Role support!
As of April 2026, Disable REST API is a WordPress API plugin with 90K+ active installations and a 4.8/5 rating from 38 reviews. It has been downloaded 756K+ times in total. Requires WordPress 4.9+ and PHP 5.6+. Available on WordPress.org since 2014. Last updated 2 years ago; may have compatibility concerns. Download volume is stable this week. Top alternative: WP Consent API.
The most comprehensive plugin for controlling access to the WordPress REST API!
Works as a “set it and forget it” install. Just upload and activate, and the entire REST API will be inaccessible to your general site visitors.
But if you do need to grant access to some endpoints, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints (or entire branches of endpoints) in the REST API.
You can even do this on a per-user-role basis, so your unauthenticated users have one set of rules while WooCommerce customers have another while Subscribers and Editors and Admins all have their own. NOTE: Out of the box, all defined user roles will still be granted full access to the REST API until you choose to manage those settings.
For most versions of W…
What else can I say, this plugin does exactly what it’s supposed to do. It’s easy to understand and works perfectly. So well done!
The plugin does what it says on the tin, without being pretentious. Absolutely fantastic!
I always start my WordPress installations with this plugin (among a few other ones).
A must have on all sites.
Thank you.
The plugin still works for me on WordPress 6.2. It’s great to have the option to allow API access where I need it and block everything else.
Allows locking the WP API behind auth and selectively allowing it where needed. Despite the lack of plugin updates, the author does have an active GitHub repo so don’t let that put you off.
| WordPress | 4.9+ required, tested up to 6.3.8 |
| PHP | 5.6+ required |
dra_error_message filter so devs can customize the access error message

Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.