Disable WP REST API
Disables the WP REST API for visitors not logged into WordPress.
4.8(36 reviews)
·30K+ active installs·Updated 1 week agoAs of April 2026, Disable WP REST API is a WordPress api plugin with 30K+ active installations and a 4.8/5 rating from 36 reviews. It has been downloaded 368K+ times in total. Requires WordPress 4.7+ and PHP 5.6.20+. Available on WordPress.org since 2018. Actively maintained — updated within the last month. Download volume is stable this week. Top alternative: WP Consent API.
4.8/536 reviews
30K+active installs
368K+total downloads
8 yearssince 2018
Overview
Does one thing: Completely disables the WordPress REST API for visitors who are not logged into WordPress. No configuration required.
Important: This plugin completely disables the WP REST API for visitors who are NOT logged in to WordPress. So not recommended if your site needs the WP REST API for any non-logged users.
👉 The fast, simple way to prevent abuse of your site’s REST/JSON API
👉 Protects your site’s REST data from all non-logged users and bots
👉 Uses only 4KB of code, so super lightweight, fast, and effective
Features
- Disable REST/JSON for visitors (not logged in)
- Disables REST header in HTTP response for all users
- Disables REST links in HTML head for all users
- 100% plug-and-play, set-it-and-forget solution
How does it work?
This plugin completely disables the…
Ratings & Reviews
4.836 reviews
5 ★
34
4 ★
0
3 ★
1
2 ★
0
1 ★
1
Recent Reviews
good job
by pftsoi·6 months ago
good job
Very simple and effective
by terrymason·1 year ago
just activate the plugin and it works.
I like it!
by wildstar2022·1 year ago
I’ve tried many different solutions using functions.php because I did not want to install yet another plugin.
I’m glad I found this one though. It’s simple, lightweight, maintains privacy, and functions with the latest version of WordPress.
Thanks Jeff!
Good Stuff – but make many other things more complicate
by metaeditor·3 years ago
In generel a Good security concept .
But at the other end many plugin developer use the Rest API
Could be done much easier with a 5 3 line htaccess rule to block only ^.*wp-json/wp/v2/(users
But anyway a good solution if you have a simpel installation.
Blocks Contact Form 7 forms sending
by Hendrik57·3 years ago·6 replies
As the title says: Blocks Contact Form 7 forms sending after install and activate.
- This topic was modified 3 years, 1 month ago by Hendrik57.
Download Trends
Today: 134Yesterday: 172This week: 1KPeriod total: 103K
Compatibility
| WordPress | 4.7+ requiredTested up to 7.0 |
| PHP | 5.6.20+ required |
Version Adoption
v2.6
94.6%
Other
5.4%
Top Alternatives to Disable WP REST API
Frequently Asked Questions
Changelog
If you like Disable WP REST API, please take a moment to give a 5-star rating. It helps to keep development and support going strong. Thank you!
2.6.7
- Adds GNU/GPL license information
- Improves readme.txt documentation
- Tests on PHP 8.4 and 8.5
- Tests on WordPress 6.9
Full changelog @ https://plugin-planet.com/wp/changelog/disable-wp-rest-api.txt
Contributors
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.