Block Root REST API Route using custom &/or iThemes

For all REST API routes, the rest_api_init action hook fires when preparing to serve a REST API request. The request URI ($_SERVER[‘REQUEST_URI’]) can be inspected with a regular expression to detect the root (e.g. wp-json) and the route (e.g. /wp/v2/posts) of the request. You can then decide what to return to the client (e.g. WP_Error, friendly message, Link Relation Names with alternative routes, etc).

Update

Found the code snippet below here. You could try adding a conditional statement with Regex on the Request_URI inside the rest_authentication_errors callback to see if it is effective for filtering requests.

<?php
    add_filter( 'rest_authentication_errors', 'wp_snippet_disable_rest_api' );
    function wp_snippet_disable_rest_api( $access ) {
        return new WP_Error( 'rest_disabled', __('The WordPress REST API has been disabled.'), array( 'status' => rest_authorization_required_code()));
    }
?>

Related Posts:

  1. Custom API plugin to execute 3rd party API to retrieve data
  2. WP Rest API: details of latest post including featured media url in one request?
  3. I found this in a plugin. What does it do? is it dangerous?
  4. Disabled plugins are they security holes – rumor or reality?
  5. How Can I Securely Implement a Password-less Login Feature?
  6. run silex or slim with wordpress
  7. Security and .htaccess
  8. Are there procedures to prevent malicious plugin updates?
  9. Should we use plugins that aren’t available from the official WordPress site?
  10. How to check plugins for malicious code?
  11. How to properly secure my WordPress installation?
  12. Why allow overriding crucial pluggable functions wp_verify_nonce and wp_create_nonce?
  13. Where should my plugin POST to?
  14. WordPress pods io – Rest API for fetching fields information for custom post type
  15. Security error WP 4.0 + WP phpBB Bridge [closed]
  16. Should I install plugins to my WordPress installation from web sites having in URL “nulled” or, “null”?
  17. Store post in raw markdown format, no html?
  18. Prevent Brute Force Attack
  19. REST-API: extend media-endpoint
  20. Questions about brute force attacks on the admin username, coming from amazon IP addresses
  21. How to expire all wordpress user passwords instantly?
  22. Keep user’s privileges on accessing contents in JSON response
  23. Weird problems after recovery from security breach
  24. How to retrieve custom meta term of category taxonomy from WP Rest API?
  25. Escape when echoed
  26. Should you escape hardcoded URLs?
  27. Preventing BFA in WordPress without using a plugin
  28. How to stop xmlrpc attacks without disabling component to allow JetPack to work in WordPress?
  29. WordPress filter that hook after each action/filter hook
  30. How to delete Passwrd Protected posts cookies when a user logged out from the site
  31. Upgraded to latest version – 3.0.3 and Now I get a “sufficient permissions to access this page” error
  32. How to save generated JWT token to cookies on login?
  33. How to block plugin activations with no known user or coming from unknown IP address range?
  34. Check for security updates
  35. How to modify WCMP Rest API response?
  36. Standard Fail2Ban vs. WP Fail2ban vs. WP Fail2Ban Redux
  37. wp_remote_get() returns 403 while file_get_contents() does not
  38. Ability to make API calls out of WordPress as well as executing SQL?
  39. Ajax with plugins returns 0
  40. Why can’t I access my Intranet LDAPS with NADI?
  41. Set plugin-values when creating post via REST-API
  42. Malicious File Upload [closed]
  43. AFNetworking incorrectly interpreted WP_Error
  44. Stop Plugin Enumeration [closed]
  45. Malware installation during plugin update?
  46. Hack-Proof OR Security in WordPress — is it real?
  47. Security and Must Use Plugins
  48. Is Timthumb still broken? What security measures should be taken?
  49. Plugin retrieving results even after uninstallation
  50. Is it safe to use admin-ajax.php in the frontend?
  51. How to protect WordPress from security scanner [closed]
  52. Specific way to allow WordPress users to view their current password? And edit it?
  53. How to prevent plugins from sniffing/stealing other plugins’ options?
  54. How to create WordPress custom end point with multiple parameters?
  55. Vulnerability Concern From the Plugin or From Not Updating the Plugin?
  56. REST API can’t get the response manually
  57. How do I determine if the user who registered is not spam?
  58. If I use an alternative login (e.g. CAS or other SSO) plugin, is my site protected from the recent brute force login attempts?
  59. WP Insert Post If user refreshes override new post
  60. 404 errors when updating options in admin dashboard
  61. Website Captcha Error: The reCAPTCHA wasn’t entered correctly
  62. Can I disable xml-rpc by setting it to false?
  63. How can I disable new plugin and theme install, but allow updates?
  64. Help to Create a Simple Plugin to make a post
  65. Validating ajax search
  66. How to send SMS notification to customer after click on submit?
  67. Content-Security-Policy implementation with WordPress W3Total Cache plugin installed
  68. How to send the featured image of a post to an API?
  69. WordPress disable direct access of files in WordPress installation path
  70. Asking help regarding potential malware
  71. One WooCommerce Store to multi distributor sites
  72. Custom REST API POST Endpoint Not Working, 404 Error
  73. add tags to wordpress post using REST API
  74. WordPress output data to another website and pull data
  75. Hide response returned from WordPress REST API call
  76. How achive serving multiple concurrent Ajax / Rest calls in plugin?
  77. “Fire Secure” menu item
  78. Showing how many times is plugin activated or deactivated
  79. Modifying server’s response to API endpoint
  80. How to get data from a private API and add it to wordpress pages
  81. https rewrite not working for All in one security Brute force > rename login url
  82. Fetching users data from REST API
  83. Consume legacy rest api dependent upon WP API plugin
  84. Redux framework somehow added to my site, can’t locate in plugins
  85. Sending post data over REST API, how to parse shortcodes in post_content?
  86. How to do rest APi with wordpress
  87. Being hacked. Is there a list of WordPress security holes I can check against?
  88. wp_verify_nonce fails always
  89. Validating values using Settings API?
  90. Problem with permissions in wp-content/plugins
  91. Extend WordPress REST API with Scheme Pro Plugin
  92. My WP site and password was hacked, what to do? [closed]
  93. How to resolve these findings from security audit
  94. wordpress Ajax success doesn’t return the value
  95. How can I send api calls from my plugin?
  96. How to rename files during upload to a random string?
  97. Update post meta Rest Api
  98. Is option_active_plugins actually doing anything useful?
  99. How to update a lot of posts on my WP site with additional content?
  100. how to update WordPress plugins from external website with nodejs?