Block Root REST API Route using custom &/or iThemes

For all REST API routes, the rest_api_init action hook fires when preparing to serve a REST API request. The request URI ($_SERVER[‘REQUEST_URI’]) can be inspected with a regular expression to detect the root (e.g. wp-json) and the route (e.g. /wp/v2/posts) of the request. You can then decide what to return to the client (e.g. WP_Error, friendly message, Link Relation Names with alternative routes, etc).

Update

Found the code snippet below here. You could try adding a conditional statement with Regex on the Request_URI inside the rest_authentication_errors callback to see if it is effective for filtering requests.

<?php
    add_filter( 'rest_authentication_errors', 'wp_snippet_disable_rest_api' );
    function wp_snippet_disable_rest_api( $access ) {
        return new WP_Error( 'rest_disabled', __('The WordPress REST API has been disabled.'), array( 'status' => rest_authorization_required_code()));
    }
?>

Related Posts:

  1. Custom API plugin to execute 3rd party API to retrieve data
  2. Is it a good idea to restrict the REST API
  3. What security concerns should I have when setting FS_METHOD to “direct” in wp-config?
  4. I should enable automatic updates?
  5. Can some vulnerabilities in plugins be exploited even when the plugin is inactive?
  6. Security and Must Use Plugins
  7. Is Timthumb still broken? What security measures should be taken?
  8. Prevent direct access to WordPress plugin assets?
  9. REST route from a plugin not working if WordPress is installed in a subdirectory
  10. Plugin retrieving results even after uninstallation
  11. Is it safe to use admin-ajax.php in the frontend?
  12. Getting a Page via its post-name using WP REST API v2 and Postman
  13. How to protect WordPress from security scanner [closed]
  14. WordPress REST API Plugin Development – Add Custom Endpoint
  15. Specific way to allow WordPress users to view their current password? And edit it?
  16. Too many login attempts
  17. Is there any pre-existing plugin to track and block IPs with suspicious activity on my site?
  18. How to prevent plugins from sniffing/stealing other plugins’ options?
  19. Website show Google Ads when we have no Google Ads linked to our website
  20. How to create WordPress custom end point with multiple parameters?
  21. How to execute plugin and theme updates from a web hook / endpoint?
  22. Vulnerability Concern From the Plugin or From Not Updating the Plugin?
  23. How do I make reusable content blocks for header and footer when using WordPress headless with another front-end?
  24. REST API can’t get the response manually
  25. How to integrate together a website currently hosted WordPress.com and a custom web application currently hosted on Azure?
  26. How to deal with Slow HTTP POST (slowloris) vulnerability
  27. Running multiple security plugins
  28. how do I secure my WP website from hackers? [closed]
  29. Chrome Dev Tools console says every page in my blog has link to http://maps.google.com [closed]
  30. WP Rest API and json_decode()
  31. Webservice credential storage [duplicate]
  32. WordPress /users/me endpoint request forbidden
  33. Regarding plugin security
  34. How do I determine if the user who registered is not spam?
  35. If I use an alternative login (e.g. CAS or other SSO) plugin, is my site protected from the recent brute force login attempts?
  36. Is this plugin safe to run?
  37. Is the Block Bad Queries Plugin Still Relevant?
  38. WP Insert Post If user refreshes override new post
  39. 404 errors when updating options in admin dashboard
  40. Website Captcha Error: The reCAPTCHA wasn’t entered correctly
  41. Hide plugins and theme from public
  42. Seperate plugin and theme files
  43. WordPress search shows protected content
  44. Change Dashboard URL from wp-admin to wp-admin/index.php
  45. WordPress Media Library Folders + Custom Linux Server Hosting
  46. Security of a WordPress Plugin
  47. Can I disable xml-rpc by setting it to false?
  48. wc_get_template_part doesnt display the content [duplicate]
  49. WordPress REST API: Query media files attached to a custom post type
  50. How can I disable new plugin and theme install, but allow updates?
  51. Help to Create a Simple Plugin to make a post
  52. I’m receiving the following error using the below code: Uncaught Error: Cannot use object of type WP_REST_Response as array
  53. Validating ajax search
  54. How to send SMS notification to customer after click on submit?
  55. Content-Security-Policy implementation with WordPress W3Total Cache plugin installed
  56. How to send the featured image of a post to an API?
  57. Escape commas in REST API
  58. WordPress disable direct access of files in WordPress installation path
  59. How to authenticate via API to allow writes/updates
  60. Do i need to use a plugin for third party api integration?
  61. Asking help regarding potential malware
  62. Adding Custom Endpoint in WordPress Rest API
  63. One WooCommerce Store to multi distributor sites
  64. prevent anonymous access to WordPress site (non-admin site)
  65. Custom REST API POST Endpoint Not Working, 404 Error
  66. Getting all woocommerce products from REST API call in plugin
  67. is it possible to fetch data from a remote api while admin is writing a new post?
  68. add tags to wordpress post using REST API
  69. WordPress output data to another website and pull data
  70. Hide response returned from WordPress REST API call
  71. How much PHP and MySQL or MariaDB knowledge should I know to start writing WordPress themes and plug-ins and whatever else a beginner can edit?
  72. How achive serving multiple concurrent Ajax / Rest calls in plugin?
  73. Bing/msn bots is heavily requesting random of my website
  74. CRUD from WordPress to Business Central 365 through OData REST API
  75. WP Rest Api GET method restriction on route, but POST method also works
  76. “Fire Secure” menu item
  77. Showing how many times is plugin activated or deactivated
  78. Modifying server’s response to API endpoint
  79. Can’t access 3rd party API, code works on local server but not on wordpress
  80. Is it possible to custom set query for a WordPress REST API response?
  81. How can I add a permissions callback to the REST API index pages?
  82. Securing a plugin pop-up window
  83. How to get data from a private API and add it to wordpress pages
  84. https rewrite not working for All in one security Brute force > rename login url
  85. Fetching users data from REST API
  86. Consume legacy rest api dependent upon WP API plugin
  87. wp rest api (v2) filter not working (404 error – rest_no_route)
  88. WordPress PHP error getting posts from another wordpress blog
  89. custom REST endpoint not passing body of POST request to callback
  90. Fetching WP.me shortlinks for posts using WP Rest API
  91. Upload image to wordpress using ionic/cordova with WP REST API V2
  92. WP Rest API v2.0 user profile update issue
  93. Redux framework somehow added to my site, can’t locate in plugins
  94. Sending post data over REST API, how to parse shortcodes in post_content?
  95. How to do rest APi with wordpress
  96. Being hacked. Is there a list of WordPress security holes I can check against?
  97. wp_verify_nonce fails always
  98. How can i see/log all requests coming from a registration form (not from the UI)?
  99. Write mysql credentials in plugin
  100. Site is continuously accessing by several IPs
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)