rest-api - Read For Learn

WordPress 4.7.1 REST API still exposing users

This code snippet will hide the users, posts, and comments endpoint results and give 404 as the result, while the rest of the API calls keep running as they were. ::UPDATE:: add_filter(‘rest_endpoints’, function(){ $toRemove = [‘users’, ‘posts’, ‘comments’]; foreach($toRemove as $val) { if (isset($endpoints[‘/wp/v2/’.$val])) { unset($endpoints[‘/wp/v2/’.$val]); } if(isset($endpoints[‘/wp/v2/’.$val.’/(?P<id>[\d]+)’])) { unset($endpoints[‘/wp/v2/’.$val.’/(?P<id>[\d]+)’]); } } return $endpoints; }); … Read more

Is the WordPress REST API installed and enabled in a vanilla WordPress 4.7 installation?

4.7 has it enabled by default. The easy way to check if it is working is just to visit the example.com/wp-json url, and you should get a list of registered end points there There is no official option to disable it as (at least there was a talk about it not sure if it got … Read more