Disable external access to REST API Endpoint

I would suggest to not use WP REST API for this purpose, since it’s being used on homepage and not any remote app/service.

The REST API is supposed to grant access to any already publicly available data to a remote developer.
Since you’re not providing any public data but registering users from homepage, Ajax might be a good alternative.
From official WordPress REST API Handbook

WordPress REST API provides API endpoints for WordPress data types that allow developers to interact with sites remotely by sending and receiving JSON (JavaScript Object Notation) objects. 

However this is not its only use case.

I would suggest to use Ajax for this purpose.

  • Include the nonce with Ajax request.

  • Hook the Ajax request handler with wp_ajax_nopriv action.

This makes sure the user is not logged in and the nonce makes sure that the form was generated by WordPress.

There are plugins already available for Ajax user registration, premium and free, WordPress plugins repository will be a good start.
I hope this alternative approach helps.

Leave a Comment

deneme bonusu veren sitelerbahis casinomakrobetceltabetpinbahispolobetpolobet girişpinbahis girişmakrobet girişpulibet girişmobilbahis girişkolaybet giriş