{"id":71637,"date":"2023-07-03T15:30:00","date_gmt":"2023-07-03T12:30:00","guid":{"rendered":"https:\/\/themeisle.com\/blog\/?p=71637"},"modified":"2025-06-04T20:53:20","modified_gmt":"2025-06-04T17:53:20","slug":"disable-wordpress-rest-api","status":"publish","type":"post","link":"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/","title":{"rendered":"How to Disable WordPress REST API (2 Expert-Tested Ways)"},"content":{"rendered":"\n<p>You don&rsquo;t always need WordPress REST API. In fact, sometimes you&rsquo;re better off without it.<\/p>\n\n\n\n<p>This post is for people who want to shut it down fast. Maybe you&rsquo;re worried about someone poking around your site&rsquo;s data. Maybe your server&rsquo;s feeling the load. Maybe you just want one less thing &ldquo;exposed.&rdquo; Whatever your reason, I&rsquo;ll show you how to disable the REST API cleanly and completely.<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>I&rsquo;m not going to over-complicate it. You&rsquo;ll get <strong>two plugin methods<\/strong> and <strong>two code snippet methods.<\/strong> One blocks the whole thing like it never existed. The other leaves it technically &ldquo;on&rdquo; but blocks every call with a clear message. You&rsquo;ll know exactly when to use each one and why.<\/p>\n\n\n\n<div class=\"wp-block-group keyt\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<p><strong>Key Takeaways<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"#method-1-using-a-plugin\">Install a plugin<\/a> like &ldquo;Disable WP REST API&rdquo; to turn off REST API instantly without needing to write any code.<\/li>\n\n\n\n<li>Use <a href=\"#a-prevent-endpoint-registration\">a code snippet<\/a> to completely block REST routes, returning 404s and improving performance by not registering endpoints at all.<\/li>\n\n\n\n<li>Use <a href=\"#b-deny-every-incoming-request\">a different code snippet<\/a> if you want to keep endpoints visible but return a clear JSON error for every request.<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n    \r\n    <style>\r\n        :root {\r\n        --jtoc-progress-bar-color: #4267cf;\n        }\r\n                    .wpj-jtoc.--jtoc-theme-none.--jtoc-has-custom-styles {\r\n        --jtoc-width: 100%;\n--jtoc-toc-padding: 24px;\n--jtoc-toc-border: 1px solid;\n--jtoc-toc-border-color: #dedede;\n--jtoc-background-color: #f6f7f9;\n--jtoc-header-height: 20px;\n--jtoc-header-margin: 0;\n--jtoc-header-padding: 0;\n--jtoc-title-color: #393939;\n--jtoc-title-font-size: 1.2em;\n--jtoc-title-label-font-weight: 400;\n--jtoc-body-margin: 16px 0 0 0;\n--jtoc-body-padding: 0;\n--jtoc-headings-margin: 10px 0 0 0;\n--jtoc-link-font-size: 1em;\n--jtoc-link-font-weight: 400;\n--jtoc-link-color: #848484;\n--jtoc-link-color-hover: #4a66c8;\n--jtoc-link-color-active: #4a66c8;\n        }\r\n        .--jtoc-the-content{\r\ndisplay:none;\r\n}\r\n.--jtoc-is-active>.wpj-jtoc--item-content>a:before{\r\nmargin-left:3px;\r\n}\r\n.wpj-jtoc--nav>.wpj-jtoc--items li a::before{\r\ncontent:'\\203A';\r\ndisplay:block;\r\nfloat:left;\r\nheight:100%;\r\nfont-weight:700;\r\ncolor:#4267CF;\r\nline-height: 20px;\r\nmargin-right: 3px;\r\n}\r\n.sidebar .wpj-jtoc--toc{\r\nborder:0;\r\npadding:0;\r\n}\r\n.sidebar .wpj-jtoc--header,\r\n.sidebar .wpj-jtoc--body{\r\nbackground:transparent;\r\n}\r\n\r\n.sidebar .--jtoc-is-active>.wpj-jtoc--item-content>a{\r\ntext-decoration:none;\r\n}\r\n.sidebar-left .widget-first{\r\nposition:sticky;\r\ntop:70px;\r\nmargin-bottom:1250px;\r\n}\r\n.sidebar-left{\r\ndisplay:none;\r\nmax-width:300px;\r\nposition:absolute;\r\nleft:-330px;\r\ntop:0;\r\nheight:100%;\r\n}\r\n@media only screen and (max-width: 1900px) {\r\n.single-post .sidebar-left{\r\ndisplay:none !important;\r\n}\r\n.--jtoc-the-content{\r\ndisplay:block;\r\n}\r\n@media only screen and (max-width: 400px) {\r\n.wpj-jtoc--item .wpj-jtoc--item-content{\r\nmargin-top:5px;\r\n}\r\n.wpj-jtoc--header-main .wpj-jtoc--title{\r\nfont-size:1.1em;\r\n}\r\n}    <\/style>\r\n\r\n\r\n    <!-- jtoc progress bar widget -->\r\n    <div class=\"wpj-jtoc--widget-progress --progress-top\">\r\n        <div class=\"wpj-jtoc--widget-progress-bar\"><\/div>\r\n    <\/div>\r\n\r\n<div id=\"wpj-jtoc\" class=\"wpj-jtoc wpj-jtoc--main --jtoc-the-content --jtoc-theme-none --jtoc-title-align-left --jtoc-toggle-icon --jtoc-toggle-position-right --jtoc-toggle-1 --jtoc-header-as-toggle --jtoc-headings-full-row-clickable --jtoc-floating-toc-top --jtoc-floating-has-shadow --jtoc-has-custom-styles --jtoc-is-unfolded\" >\r\n            \r\n    <!-- TOC -->\r\n    <div class=\"wpj-jtoc--toc \">\r\n                            <div class=\"wpj-jtoc--header\">\r\n                <div class=\"wpj-jtoc--header-main\">\r\n                                        <div class=\"wpj-jtoc--title\">\r\n                        <!-- <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"16\" height=\"16\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\" class=\"lucide lucide-columns-3\"><rect width=\"18\" height=\"18\" x=\"3\" y=\"3\" rx=\"2\"\/><path d=\"M9 3v18\"\/><path d=\"M15 3v18\"\/><\/svg> -->\r\n                        <span class=\"wpj-jtoc--title-label\">Table of contents<\/span>\r\n                    <\/div>\r\n                                                        <\/div>\r\n            <\/div>\r\n                                <div class=\"wpj-jtoc--body\">\r\n                        <nav class=\"wpj-jtoc--nav\">\r\n                <ol class=\"wpj-jtoc--items\"><li class=\"wpj-jtoc--item --jtoc-h2\">\r\n        <div class=\"wpj-jtoc--item-content\" data-depth=\"2\">\r\n                        <a href=\"#h-what-is-the-rest-api\" title=\"What is the REST API?\" data-numeration=\"1\" >What is the REST API?<\/a>\r\n                    <\/div> <\/li><li class=\"wpj-jtoc--item --jtoc-h2\">\r\n        <div class=\"wpj-jtoc--item-content\" data-depth=\"2\">\r\n                        <a href=\"#h-why-you-might-want-to-disable-the-rest-api-in-wordpress\" title=\"Why you might want to disable the REST API in WordPress\" data-numeration=\"2\" >Why you might want to disable the REST API in WordPress<\/a>\r\n                    <\/div> <\/li><li class=\"wpj-jtoc--item --jtoc-h2\">\r\n        <div class=\"wpj-jtoc--item-content\" data-depth=\"2\">\r\n                        <a href=\"#h-how-to-disable-wordpress-rest-api-best-methods\" title=\"How to disable WordPress REST API\" data-numeration=\"3\" >How to disable WordPress REST API<\/a>\r\n                    <\/div> <ol class=\"wpj-jtoc--items\"><li class=\"wpj-jtoc--item --jtoc-h3\">\r\n        <div class=\"wpj-jtoc--item-content\" data-depth=\"3\">\r\n                        <a href=\"#method-1-using-a-plugin\" title=\"Method 1: Using a plugin \ud83d\udd0c\" data-numeration=\"3.1\" >Method 1: Using a plugin \ud83d\udd0c<\/a>\r\n                    <\/div> <\/li><li class=\"wpj-jtoc--item --jtoc-h3\">\r\n        <div class=\"wpj-jtoc--item-content\" data-depth=\"3\">\r\n                        <a href=\"#method-2-using-a-code-snippet\" title=\"Method 2: Using a code snippet \ud83d\udcbe\" data-numeration=\"3.2\" >Method 2: Using a code snippet \ud83d\udcbe<\/a>\r\n                    <\/div> <\/li><\/ol><\/li><li class=\"wpj-jtoc--item --jtoc-h2\">\r\n        <div class=\"wpj-jtoc--item-content\" data-depth=\"2\">\r\n                        <a href=\"#h-conclusion\" title=\"Conclusion\" data-numeration=\"4\" >Conclusion<\/a>\r\n                    <\/div> <\/li><\/ol>            <\/nav>\r\n                                                        <\/div>\r\n            <\/div>\r\n<\/div>\r\n\n\n\n<h2 class=\"wp-block-heading joli-heading jtoc-heading\" id=\"h-what-is-the-rest-api\">What is the REST API?<\/h2>\n\n\n\n<p>The answer will really depend on how technical you want to get about this.<\/p>\n\n\n\n<p>Let me give you two versions of the answer actually. First, <strong>what WordPress REST API is in a nutshell:<\/strong><\/p>\n\n\n\n<p>The WordPress REST API turns your WordPress site into a JSON-based web service.<\/p>\n\n\n\n<p>Any client (browser, mobile app, another server) can use standard HTTP requests to read or manipulate posts, pages, comments, users, and custom data. All that without having to load a <a href=\"https:\/\/themeisle.com\/blog\/php\/\">PHP<\/a>-rendered page.<\/p>\n\n\n\n<p>It&rsquo;s what powers modern JavaScript-heavy interfaces (like the crowd favorite <a href=\"https:\/\/themeisle.com\/blog\/writers-bloggers-opinions-of-wordpress-block-editor\/\">block editor<\/a>), headless WordPress setups, and third-party integrations.<\/p>\n\n\n\n<p>If you&rsquo;re not using it, or if you worry about exposing data, you can disable or lock it down.<\/p>\n\n\n<div class=\"su-spoiler su-spoiler-style-fancy su-spoiler-icon-plus\" data-scroll-offset=\"0\" data-anchor-in-url=\"no\"><div class=\"su-spoiler-title\" tabindex=\"0\" role=\"button\"><span class=\"su-spoiler-icon\"><\/span><strong>A more technical take on the REST API:<\/strong> <\/div><div class=\"su-spoiler-content su-u-clearfix su-u-trim\">\n\n\n\n<p>The WordPress REST API is a system of HTTP endpoints that lets you interact with your WordPress data (think posts, pages, etc.) from outside the native dashboard.<\/p>\n\n\n\n<p>In other words, REST &ldquo;exposes&rdquo; WordPress content and functionality as <a href=\"https:\/\/themeisle.com\/blog\/json\/\">JSON<\/a>-formatted data over otherwise standard HTTP requests.<\/p>\n\n\n\n<p>REST stands for <em>Representational State Transfer<\/em>. I know, this doesn&rsquo;t tell a lot, but in practical terms it means:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You use standard HTTP methods like <code>GET<\/code>, <code>POST<\/code>, <code>PUT\/PATCH<\/code>, <code>DELETE<\/code> to interact with data on a WordPress site.<\/li>\n\n\n\n<li>The server (meaning WordPress) returns data in a format that&rsquo;s easy to process &ndash; typically JSON.<\/li>\n\n\n\n<li>Each &ldquo;thing&rdquo; (a post, a user, a comment, etc.) has its own unique URL (aka. &ldquo;endpoint&rdquo;).<\/li>\n<\/ul>\n\n\n\n<p>So REST API is simply an API that allows you to follow the above and use it to communicate with a WordPress site through special URLs, like this one:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>https:\/\/YOURSITE.com\/wp-json\/wp\/v2<\/code><\/pre>\n\n\n\n<p>You&rsquo;ll find a number of endpoints under a URL like that:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>GET <code>\/wp-json\/wp\/v2\/posts<\/code><\/li>\n\n\n\n<li>GET <code>\/wp-json\/wp\/v2\/posts\/{id}<\/code><\/li>\n\n\n\n<li>POST <code>\/wp-json\/wp\/v2\/posts<\/code><\/li>\n\n\n\n<li>PUT\/PATCH <code>\/wp-json\/wp\/v2\/posts\/{id}<\/code><\/li>\n\n\n\n<li>DELETE <code>\/wp-json\/wp\/v2\/posts\/{id}<\/code><\/li>\n<\/ul>\n\n\n\n<p>Let&rsquo;s not get into the specifics on how to interact with them, but just know that REST API has a number of possible applications, such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Headless sites or interfaces &ndash; using WordPress data in a different wrapper.<\/li>\n\n\n\n<li>Mobile apps &ndash; similar.<\/li>\n\n\n\n<li>Third-party integrations with tools like Zapier, IFTTT, and others.<\/li>\n\n\n\n<li>Enhanced UI or core features. So the block editor is essentially a React app that lives inside wp-admin, speaking to WordPress via REST endpoints behind the scenes.<\/li>\n<\/ul>\n\n\n<\/div><\/div>\n\n\n\n\t\t<div class=\"ti-tweet-clear\"><\/div>\n\t\t\t<div class=\"ti-tweet_wrapper\">\n\t\t    \t<div class=\"ti-tweet_text\">\n\t\t    \t\t<a href=\"https:\/\/twitter.com\/share?text=How+to+disable+%23WordPress+REST+API+%F0%9F%9B%91+Once%2C+and+for+all%21&amp;via=themeisle&amp;related=themeisle&amp;url=https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/\" target=\"_blank\" rel=\"nofollow\">How to disable #WordPress REST API &#128721; Once, and for all!<\/a>\n\t\t    \t<\/div>\n\t\t    \t<div class=\"ti-tweet_sharebtn\">\n\t\t    \t<a href=\"https:\/\/twitter.com\/share?text=How+to+disable+%23WordPress+REST+API+%F0%9F%9B%91+Once%2C+and+for+all%21&amp;via=themeisle&amp;related=themeisle&amp;url=https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/\" target=\"_blank\" rel=\"nofollow\">Click To Tweet \n\t\t    \t\t<span><\/span>\n\t\t    \t<\/a>\n\t\t    <\/div>\n\t\t<\/div>\n\n\n\n<h2 class=\"wp-block-heading joli-heading jtoc-heading\" id=\"h-why-you-might-want-to-disable-the-rest-api-in-wordpress\">Why you might want to disable the REST API in WordPress<\/h2>\n\n\n\n<p>Okay, so if REST API is so awesome then why would you want to disable it? There are a couple of reasons you might want to do it:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Security\/privacy concerns. By default, even unauthenticated users can fetch &ldquo;public&rdquo; data (like a list of published posts or the list of users\/authors). This might not be the best situation if you&rsquo;re running a site that&rsquo;s not meant to be 100% public.<\/li>\n\n\n\n<li>Performance. Every registered REST route adds a bit of overhead to your site&rsquo;s initialization. On very high-traffic sites (or with many custom endpoints), this can add up.<\/li>\n\n\n\n<li>Fewer attack points. Every endpoint is potentially one more place for bots or attackers to hit.<\/li>\n<\/ul>\n\n\n\n<p>Okay, so with all that said, how do you actually disable REST API in WordPress?<\/p>\n\n\n<div class=\"su-divider su-divider-style-dotted\" style=\"margin:40px 0;border-width:1px;border-color:#999999\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading joli-heading jtoc-heading\" id=\"h-how-to-disable-wordpress-rest-api-best-methods\">How to disable WordPress REST API (best methods)<\/h2>\n\n\n\n<p>As with most things in WordPress, there are two paths you can take:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>The plugin approach<\/li>\n\n\n\n<li>The manual approach<\/li>\n<\/ol>\n\n\n\n<p>Though the manual approach isn&rsquo;t actually much harder, and can be better in some scenarios.<\/p>\n\n\n<div class=\"su-divider su-divider-style-default\" style=\"margin:40px 0;border-width:15px;border-color:#4267cf\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading joli-heading jtoc-heading\" id=\"method-1-using-a-plugin\">Method 1: Using a plugin &#128268;<\/h3>\n\n\n\n<p>There are more than a handful of plugins that let you disable REST API, and they will all do the job well. I&rsquo;m saying this just to make clear that there isn&rsquo;t only &ldquo;one correct solution&rdquo; here.<\/p>\n\n\n\n<p>My two favorite ones are:<\/p>\n\n\n\n<p>&#128073; <strong>(a)<\/strong> A plugin simply called &ldquo;<a href=\"https:\/\/wordpress.org\/plugins\/disable-wp-rest-api\/\" target=\"_blank\" rel=\"noopener\">Disable WP REST API<\/a>&rdquo; &ndash; the name makes it clear, doesn&rsquo;t it?<\/p>\n\n\n\n<p>It&rsquo;s also super-easy to use, since you only have to install and activate it&hellip;and that&rsquo;s it. No settings, no dashboard panel.<\/p>\n\n\n\n<p>What happens is that this plugin completely disables REST API unless the user is logged into WordPress. Therefore:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>For logged-in users, REST API works normally.<\/li>\n\n\n\n<li>For not-logged-in users, REST API is disabled. Perfect!<\/li>\n<\/ul>\n\n\n\n<p>&#128073; <strong>(b)<\/strong> A plugin called &ldquo;<a href=\"https:\/\/wordpress.org\/plugins\/admin-site-enhancements\/\" target=\"_blank\" rel=\"noopener\">Admin and Site Enhancements (ASE)<\/a>.&rdquo;<\/p>\n\n\n\n<p>This one&rsquo;s a bit more feature rich &ndash; it does a lot more than just letting you disable REST API. I&rsquo;m listing it since you might decide this is going to be a better solution in your case if you&rsquo;re going to end up using more of the plugin&rsquo;s features.<\/p>\n\n\n\n<p>When it comes to disabling REST API, there&rsquo;s a simple toggle in the plugin&rsquo;s settings for that:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full blog-img-std\"><img data-opt-id=1795226613  fetchpriority=\"high\" decoding=\"async\" width=\"1561\" height=\"689\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/rest-toggle.png\" alt=\"rest toggle\" class=\"wp-image-112171\" srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1561\/h:689\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/rest-toggle.png 1561w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:132\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/rest-toggle.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:452\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/rest-toggle.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:339\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/rest-toggle.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1536\/h:678\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/rest-toggle.png 1536w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:22\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/rest-toggle.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:480\/h:212\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/rest-toggle.png 480w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:794\/h:350\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/rest-toggle.png 794w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1200\/h:530\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/rest-toggle.png 1200w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:296\/h:131\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/rest-toggle.png 296w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:390\/h:172\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/rest-toggle.png 390w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:270\/h:119\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/rest-toggle.png 270w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1561\/h:689\/q:mauto\/f:best\/dpr:2\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/rest-toggle.png 2x\" sizes=\"(max-width: 700px) 100vw, 700px\"><\/figure>\n\n\n\n<p>So just tick the toggle and then click on <strong>Save Changes<\/strong>. Done!<\/p>\n\n\n<div class=\"su-divider su-divider-style-default\" style=\"margin:40px 0;border-width:15px;border-color:#4267cf\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading joli-heading jtoc-heading\" id=\"method-2-using-a-code-snippet\">Method 2: Using a code snippet &#128190;<\/h3>\n\n\n\n<p>Okay, so now the more manual path.<\/p>\n\n\n\n<p>In all honesty, disabling REST API is simple enough that you don&rsquo;t really need a specialized plugin just for that. You can use a code snippet and get the same effect. Plus, you even get more control of the outcome.<\/p>\n\n\n\n<p>I&rsquo;m going to show you two different code snippets you can use to disable REST API under different conditions &ndash; use the one that matches your situation better&hellip;or use the first one if you&rsquo;re not sure. &#129315;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"a-prevent-endpoint-registration\">(a) Prevent endpoint registration altogether.<\/h4>\n\n\n\n<p>Here&rsquo;s the snippet:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>add_filter( 'rest_enabled', '__return_false' );\nadd_filter( 'rest_jsonp_enabled', '__return_false' );<\/code><\/pre>\n\n\n\n<p>Here&rsquo;s what&rsquo;s going on: As soon as WordPress initializes its REST mechanisms, the <code>rest_enabled<\/code> filter fires. But since we return <em>false<\/em> here, we&rsquo;re telling it to never register any REST routes. Then, <code>rest_jsonp_enabled<\/code> returning <em>false<\/em> stops JSONP wrappers from even being created.<\/p>\n\n\n\n<p>Therefore, if any incoming request is made, every <code>\/wp-json\/<\/code> URL immediately returns a 404 (because there are literally no routes registered).<\/p>\n\n\n\n<p>There&rsquo;s no authentication check, no JSON-error message. It&rsquo;s just WordPress acting as if REST API simply didn&rsquo;t exist.<\/p>\n\n\n\n<p><strong>Use this snippet if you want REST to be &ldquo;invisible.&rdquo;<\/strong> &#128077;<\/p>\n\n\n\n<p>Pros:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Great for performance. WordPress never registers any of the REST routes in the first place.<\/li>\n\n\n\n<li>Clean 404 behavior. Meaning that nothing in the output reveals that REST API is disabled.<\/li>\n<\/ul>\n\n\n\n<p>Cons:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If another plugin (or theme) tries to register custom REST routes later, they&rsquo;ll also be blocked.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"b-deny-every-incoming-request\">(b) Deny every incoming request.<\/h4>\n\n\n\n<p>Here&rsquo;s the snippet:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>add_filter( 'rest_authentication_errors', 'disable_rest_api' );\n\nfunction disable_rest_api( $access ) {\n    return new WP_Error(\n        'rest_disabled',\n        __( 'The WordPress REST API has been disabled.' ),\n        array( 'status' =&gt; rest_authorization_required_code() )\n    );\n}<\/code><\/pre>\n\n\n\n<p>Here&rsquo;s what&rsquo;s going on: The <code>rest_authentication_errors<\/code> filter runs right when WordPress is about to check whether the current REST request is allowed. However, we&rsquo;re forcing this to always return a <code>WP_Error<\/code>, which basically means that we&rsquo;re denying every incoming request (whether authenticated or not).<\/p>\n\n\n\n<p>More specifically, any call to <code>\/wp-json\/<\/code> returns a JSON error object like this:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>{ \"code\": \"rest_disabled\", \"message\": \"The WordPress REST API has been disabled.\", \"data\": { \"status\": 401 } }<\/code><\/pre>\n\n\n\n<p><strong>Use this snippet if you&rsquo;d rather give API clients a clear &ldquo;disabled&rdquo; message.<\/strong> &#128077;<\/p>\n\n\n\n<p>Pros:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>All routes are still &ldquo;registered&rdquo; behind the scenes. It&rsquo;s just that every request gets a WP_Error. That means if some plugin or theme tries to check for the existence of your custom route, the route is still registered (it just won&rsquo;t ever return useful data).<\/li>\n\n\n\n<li>You get an explicit JSON error response instead of a 404.<\/li>\n<\/ul>\n\n\n\n<p>Cons:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Slightly less performant. WordPress still registers every core REST route (and any third-party route), then immediately blocks it on authentication.<\/li>\n\n\n\n<li>Plugins\/themes that do something at route-registration time may still run, even though the route will be forbidden later.<\/li>\n<\/ul>\n\n\n\n<p>So, which snippet do you prefer?<\/p>\n\n\n\n<p><strong><em>&ldquo;Wait, where do I include this code snippet?&rdquo;<\/em><\/strong><\/p>\n\n\n\n<p>My favorite approach is to use the <a href=\"https:\/\/wordpress.org\/plugins\/code-snippets\/\" target=\"_blank\" rel=\"noopener\">Code Snippets<\/a> plugin. Install, activate, and then go to <strong>Snippets &rarr; Add New<\/strong> from the WordPress dashboard. Copy and paste your snippet there. Make sure to select <strong>Run snippet everywhere<\/strong> and click on <strong>Save Changes and Activate<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full blog-img-std\"><img data-opt-id=357399589  fetchpriority=\"high\" decoding=\"async\" width=\"1162\" height=\"606\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/add-new-snippet.png\" alt=\"add new snippet\" class=\"wp-image-112172\" srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1162\/h:606\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/add-new-snippet.png 1162w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:156\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/add-new-snippet.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:534\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/add-new-snippet.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:401\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/add-new-snippet.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:26\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/add-new-snippet.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:460\/h:240\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/add-new-snippet.png 460w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:761\/h:397\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/add-new-snippet.png 761w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1150\/h:600\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/add-new-snippet.png 1150w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:284\/h:148\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/add-new-snippet.png 284w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:374\/h:195\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/add-new-snippet.png 374w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:259\/h:135\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/add-new-snippet.png 259w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1162\/h:606\/q:mauto\/f:best\/dpr:2\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/06\/add-new-snippet.png 2x\" sizes=\"(max-width: 700px) 100vw, 700px\"><\/figure>\n\n\n<div class=\"su-divider su-divider-style-dotted\" style=\"margin:40px 0;border-width:1px;border-color:#999999\"><a href=\"#\" style=\"color:#999999\">Go to top<\/a><\/div>\n\n\n\n<h2 class=\"wp-block-heading joli-heading jtoc-heading\" id=\"h-conclusion\">Conclusion<\/h2>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p>While REST API can be useful in certain scenarios and for some WordPress sites, it&rsquo;s clearly not for everyone. This is why disabling it makes sense in some cases.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n\t\t<div class=\"ti-tweet-clear\"><\/div>\n\t\t\t<div class=\"ti-tweet_wrapper\">\n\t\t    \t<div class=\"ti-tweet_text\">\n\t\t    \t\t<a href=\"https:\/\/twitter.com\/share?text=How+to+disable+%23WordPress+REST+API+%F0%9F%9B%91+Once%2C+and+for+all%21&amp;via=themeisle&amp;related=themeisle&amp;url=https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/\" target=\"_blank\" rel=\"nofollow\">How to disable #WordPress REST API &#128721; Once, and for all!<\/a>\n\t\t    \t<\/div>\n\t\t    \t<div class=\"ti-tweet_sharebtn\">\n\t\t    \t<a href=\"https:\/\/twitter.com\/share?text=How+to+disable+%23WordPress+REST+API+%F0%9F%9B%91+Once%2C+and+for+all%21&amp;via=themeisle&amp;related=themeisle&amp;url=https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/\" target=\"_blank\" rel=\"nofollow\">Click To Tweet \n\t\t    \t\t<span><\/span>\n\t\t    \t<\/a>\n\t\t    <\/div>\n\t\t<\/div>\n<\/div>\n<\/div>\n\n\n\n<p>I&rsquo;ve shown you two ways to get rid of it&hellip;actually, I showed you four: two plugins and two different snippets. You have more than enough solutions to choose from! &#128515;<\/p>\n\n\n\n<p><strong><em>Do you have any questions about the WordPress REST API or how to disable it? Let us know in the comments section below!<\/em><\/strong><\/p>\n\n\n<style>.ticss-d144f107 strong{font-weight: 700;\n    letter-spacing: -0.2px;\n    line-height: 1.2;\n    display: inline-block;}<\/style>\n\n\n<div class=\"wp-block-columns speed-guide has-white-color has-text-color has-background has-link-color wp-elements-2f81f6c5526477b5b4d52d1ca4513949 is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\" style=\"background-color:#4267cf\">\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:40%\">\n<figure class=\"wp-block-image size-medium\"><img data-opt-id=30701221  fetchpriority=\"high\" decoding=\"async\" width=\"300\" height=\"300\" src=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:300\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png\" alt=\"speed guide\" class=\"wp-image-113040\" srcset=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:300\/h:300\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 300w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1024\/h:1024\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 1024w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:150\/h:150\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 150w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:768\/h:768\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 768w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:50\/h:50\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 50w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:240\/h:240\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 240w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:397\/h:397\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 397w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:600\/h:600\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 600w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:148\/h:148\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 148w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:195\/h:195\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 195w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:135\/h:135\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 135w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1080\/h:1080\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 1200w, https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:1080\/h:1080\/q:mauto\/f:best\/dpr:2\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2025\/09\/e2ce20299a807336c68c2e029640adaa1.png 2x\" sizes=\"(max-width: 300px) 100vw, 300px\"><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p class=\"has-text-align-center ticss-58e79f2f\" style=\"font-size:14px\"><strong>FREE GUIDE<\/strong><\/p>\n\n\n\n<p class=\"ticss-d144f107\" style=\"font-size:25px\"><strong>4 Essential Steps to Speed Up Your&nbsp;WordPress Website<\/strong><\/p>\n\n\n\n<p class=\"ticss-3b627beb\">Follow the simple steps in our 4-part mini series and reduce your loading times by 50-80%.&nbsp;&#128640;<\/p>\n\n\n<p><\/p><div class=\"frm_forms  with_frm_style frm_style_themeisle\" id=\"frm_form_4_container\" data-token=\"173916a7f6c7aec0d4fa5af1b609cb3a\">\n<form enctype=\"multipart\/form-data\" method=\"post\" class=\"frm-show-form  frm_pro_form \" id=\"form_site-speed-guide-below-post\" data-token=\"173916a7f6c7aec0d4fa5af1b609cb3a\">\n<div class=\"frm_form_fields \">\n<fieldset>\n<legend class=\"frm_screen_reader\">Site Speed Guide - Below Post<\/legend>\r\n\r\n<div class=\"frm_fields_container\">\n<input type=\"hidden\" name=\"frm_action\" value=\"create\">\n<input type=\"hidden\" name=\"form_id\" value=\"4\">\n<input type=\"hidden\" name=\"frm_hide_fields_4\" id=\"frm_hide_fields_4\" value=\"\">\n<input type=\"hidden\" name=\"form_key\" value=\"site-speed-guide-below-post\">\n<input type=\"hidden\" name=\"item_meta[0]\" value=\"\">\n<input type=\"hidden\" id=\"frm_submit_entry_4\" name=\"frm_submit_entry_4\" value=\"1ab6c017d0\"><input type=\"hidden\" name=\"_wp_http_referer\" value=\"\/blog\/wp-json\/wp\/v2\/posts\/71637\"><input type=\"hidden\" name=\"item_meta[18]\" id=\"field_6px6q2\" value=\"\/blog\/wp-json\/wp\/v2\/posts\/71637\" data-frmval=\"\/blog\/wp-json\/wp\/v2\/posts\/71637\">\n<div id=\"frm_field_15_container\" class=\"frm_form_field form-field  frm_required_field frm_none_container\">\r\n\t<label for=\"field_6px6q\" id=\"field_6px6q_label\" class=\"frm_primary_label\">Your Email\r\n\t\t<span class=\"frm_required\" aria-hidden=\"true\">*<\/span>\r\n\t<\/label>\r\n\t<input type=\"email\" id=\"field_6px6q\" name=\"item_meta[15]\" value=\"\" autocomplete=\"email\" placeholder=\"your@email.com\" data-reqmsg=\"Your Email cannot be blank.\" aria-required=\"true\" data-invmsg=\"Your Email is invalid\" aria-invalid=\"false\">\r\n\t\r\n\t\r\n<\/div>\n<div id=\"frm_field_17_container\" class=\"frm_form_field form-field  frm_none_container vertical_radio\">\r\n\t<div id=\"field_6px6q3_label\" class=\"frm_primary_label\">Subscribe to our newsletter\r\n\t\t<span class=\"frm_required\" aria-hidden=\"true\"><\/span>\r\n\t<\/div>\r\n\t<div class=\"frm_opt_container\" aria-labelledby=\"field_6px6q3_label\" role=\"group\">\t\t<div class=\"frm_checkbox\" id=\"frm_checkbox_17-0\">\t\t\t<label for=\"field_6px6q3-0\">\n\t\t\t<input type=\"checkbox\" name=\"item_meta[17][]\" id=\"field_6px6q3-0\" value=\"true\" data-invmsg=\"Subscribe to our newsletter is invalid\" aria-invalid=\"false\"> Subscribe to our newsletter<\/label><\/div>\n<\/div>\r\n\t\r\n\t\r\n<\/div>\n<div id=\"frm_field_14_container\" class=\"frm_form_field form-field \">\r\n\t<div class=\"frm_submit frm_flex\">\r\n<button class=\"frm_button_submit frm_final_submit\" type=\"submit\" formnovalidate=\"formnovalidate\">FREE ACCESS<\/button>\r\n\r\n\r\n\r\n<\/div>\r\n<\/div>\n\t<input type=\"hidden\" name=\"item_key\" value=\"\">\n\t\t\t<div id=\"frm_field_24_container\">\n\t\t\t<label for=\"field_jyj9\">\n\t\t\t\tIf you are human, leave this field blank.\t\t\t<\/label>\n\t\t\t<input id=\"field_jyj9\" type=\"text\" class=\"frm_form_field form-field frm_verify\" name=\"item_meta[24]\" value=\"\">\n\t\t<\/div>\n\t\t<input name=\"frm_state\" type=\"hidden\" value=\"tGKtIG19U6wyYcew8uBttbrUfwXv\/EEipWdAj2IBYrowF9M0QAXa6pd1+Qu8+H8p\"><\/div>\n<\/fieldset>\n<\/div>\n\n<p style=\"display: none !important;\" class=\"akismet-fields-container\" data-prefix=\"ak_\"><label>&Delta;<textarea name=\"ak_hp_textarea\" cols=\"45\" rows=\"8\" maxlength=\"100\"><\/textarea><\/label><input type=\"hidden\" id=\"ak_js_1\" name=\"ak_js\" value=\"141\"><script>document.getElementById( \"ak_js_1\" ).setAttribute( \"value\", ( new Date() ).getTime() );<\/script><\/p><\/form>\n<\/div>\n\n<\/div>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"You don&#8217;t always need WordPress REST API. In fact, sometimes you&#8217;re better off without it. This post is for people who want to shut it down fast. Maybe you&#8217;re worried about someone poking around your site&#8217;s data. Maybe your server&#8217;s feeling the load. Maybe you just want one less thing &#8220;exposed.&#8221; Whatever your reason, I&#8217;ll show you how to disable the REST API cleanly and completely.","protected":false},"author":5,"featured_media":112177,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_stopmodifiedupdate":false,"_modified_date":"","_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[26,272],"tags":[],"hashtags":[],"class_list":["post-71637","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wordpress","category-wordpress-tutorials"],"wppr_data":{"cwp_meta_box_check":"No"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.8 (Yoast SEO v26.1.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Disable WordPress REST API (2 Expert-Tested Ways)<\/title>\n<meta name=\"description\" content=\"Want to disable WordPress REST API on your site? We show you two easy ways to do it - by using a plugin or a code snippet!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Disable WordPress REST API (2 Expert-Tested Ways)\" \/>\n<meta property=\"og:description\" content=\"Want to disable WordPress REST API on your site? We show you two easy ways to do it - by using a plugin or a code snippet!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/\" \/>\n<meta property=\"og:site_name\" content=\"Themeisle Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-07-03T12:30:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-04T17:53:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2023\/07\/How-to-Disable-WordPress-REST-API.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2180\" \/>\n\t<meta property=\"og:image:height\" content=\"1090\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Karol K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@iamkarolk\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Karol K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/\"},\"author\":{\"name\":\"Karol K\",\"@id\":\"https:\/\/themeisle.com\/blog\/#\/schema\/person\/fdae8d9189aff08a5eaef8f6fb4e22b9\"},\"headline\":\"How to Disable WordPress REST API (2 Expert-Tested Ways)\",\"datePublished\":\"2023-07-03T12:30:00+00:00\",\"dateModified\":\"2025-06-04T17:53:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/\"},\"wordCount\":1595,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/themeisle.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2023\/07\/How-to-Disable-WordPress-REST-API.png\",\"articleSection\":[\"WordPress\",\"WordPress Tutorials\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/\",\"url\":\"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/\",\"name\":\"How to Disable WordPress REST API (2 Expert-Tested Ways)\",\"isPartOf\":{\"@id\":\"https:\/\/themeisle.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2023\/07\/How-to-Disable-WordPress-REST-API.png\",\"datePublished\":\"2023-07-03T12:30:00+00:00\",\"dateModified\":\"2025-06-04T17:53:20+00:00\",\"description\":\"Want to disable WordPress REST API on your site? We show you two easy ways to do it - by using a plugin or a code snippet!\",\"breadcrumb\":{\"@id\":\"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/#primaryimage\",\"url\":\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2023\/07\/How-to-Disable-WordPress-REST-API.png\",\"contentUrl\":\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2023\/07\/How-to-Disable-WordPress-REST-API.png\",\"width\":2180,\"height\":1090,\"caption\":\"How to Disable WordPress REST API\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/themeisle.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Disable WordPress REST API (2 Expert-Tested Ways)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/themeisle.com\/blog\/#website\",\"url\":\"https:\/\/themeisle.com\/blog\/\",\"name\":\"Themeisle Blog\",\"description\":\"WordPress Tutorials and Reviews for Beginners and Advanced\",\"publisher\":{\"@id\":\"https:\/\/themeisle.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/themeisle.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/themeisle.com\/blog\/#organization\",\"name\":\"VertiStudio\",\"alternateName\":\"Vertigo Studio SA\",\"url\":\"https:\/\/themeisle.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/themeisle.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2024\/02\/VertiStudio_logo1.png\",\"contentUrl\":\"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2024\/02\/VertiStudio_logo1.png\",\"width\":718,\"height\":156,\"caption\":\"VertiStudio\"},\"image\":{\"@id\":\"https:\/\/themeisle.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/themeisle.com\/blog\/#\/schema\/person\/fdae8d9189aff08a5eaef8f6fb4e22b9\",\"name\":\"Karol K\",\"description\":\"Karol Krol is a writer, content strategist, and WordPress figure-outer with over 20 years of experience rooted in website building and web technologies. With his expertise underpinned by a master\\\\'s degree in computer science, he authored \\\\\\\"WordPress Complete\\\\\\\" - the ultimate WordPress handbook for newbies. His work has been published across numerous industry websites. He leads the editorial team at Themeisle.\",\"sameAs\":[\"https:\/\/karol.cc\/\",\"https:\/\/www.linkedin.com\/in\/karolkrol\/\",\"https:\/\/www.pinterest.com\/carlosinho\/\",\"https:\/\/x.com\/iamkarolk\",\"https:\/\/www.youtube.com\/@wpworkshophq\"],\"url\":\"https:\/\/themeisle.com\/blog\/author\/karol-k\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How to Disable WordPress REST API (2 Expert-Tested Ways)","description":"Want to disable WordPress REST API on your site? We show you two easy ways to do it - by using a plugin or a code snippet!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/","og_locale":"en_US","og_type":"article","og_title":"How to Disable WordPress REST API (2 Expert-Tested Ways)","og_description":"Want to disable WordPress REST API on your site? We show you two easy ways to do it - by using a plugin or a code snippet!","og_url":"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/","og_site_name":"Themeisle Blog","article_published_time":"2023-07-03T12:30:00+00:00","article_modified_time":"2025-06-04T17:53:20+00:00","og_image":[{"width":2180,"height":1090,"url":"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2023\/07\/How-to-Disable-WordPress-REST-API.png","type":"image\/png"}],"author":"Karol K","twitter_card":"summary_large_image","twitter_creator":"@iamkarolk","twitter_misc":{"Written by":"Karol K","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/#article","isPartOf":{"@id":"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/"},"author":{"name":"Karol K","@id":"https:\/\/themeisle.com\/blog\/#\/schema\/person\/fdae8d9189aff08a5eaef8f6fb4e22b9"},"headline":"How to Disable WordPress REST API (2 Expert-Tested Ways)","datePublished":"2023-07-03T12:30:00+00:00","dateModified":"2025-06-04T17:53:20+00:00","mainEntityOfPage":{"@id":"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/"},"wordCount":1595,"commentCount":0,"publisher":{"@id":"https:\/\/themeisle.com\/blog\/#organization"},"image":{"@id":"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/#primaryimage"},"thumbnailUrl":"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2023\/07\/How-to-Disable-WordPress-REST-API.png","articleSection":["WordPress","WordPress Tutorials"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/","url":"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/","name":"How to Disable WordPress REST API (2 Expert-Tested Ways)","isPartOf":{"@id":"https:\/\/themeisle.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/#primaryimage"},"image":{"@id":"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/#primaryimage"},"thumbnailUrl":"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2023\/07\/How-to-Disable-WordPress-REST-API.png","datePublished":"2023-07-03T12:30:00+00:00","dateModified":"2025-06-04T17:53:20+00:00","description":"Want to disable WordPress REST API on your site? We show you two easy ways to do it - by using a plugin or a code snippet!","breadcrumb":{"@id":"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/#primaryimage","url":"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2023\/07\/How-to-Disable-WordPress-REST-API.png","contentUrl":"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2023\/07\/How-to-Disable-WordPress-REST-API.png","width":2180,"height":1090,"caption":"How to Disable WordPress REST API"},{"@type":"BreadcrumbList","@id":"https:\/\/themeisle.com\/blog\/disable-wordpress-rest-api\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/themeisle.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How to Disable WordPress REST API (2 Expert-Tested Ways)"}]},{"@type":"WebSite","@id":"https:\/\/themeisle.com\/blog\/#website","url":"https:\/\/themeisle.com\/blog\/","name":"Themeisle Blog","description":"WordPress Tutorials and Reviews for Beginners and Advanced","publisher":{"@id":"https:\/\/themeisle.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/themeisle.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/themeisle.com\/blog\/#organization","name":"VertiStudio","alternateName":"Vertigo Studio SA","url":"https:\/\/themeisle.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/themeisle.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2024\/02\/VertiStudio_logo1.png","contentUrl":"https:\/\/mllj2j8xvfl0.i.optimole.com\/cb:c5QE.37290\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/themeisle.com\/blog\/wp-content\/uploads\/2024\/02\/VertiStudio_logo1.png","width":718,"height":156,"caption":"VertiStudio"},"image":{"@id":"https:\/\/themeisle.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/themeisle.com\/blog\/#\/schema\/person\/fdae8d9189aff08a5eaef8f6fb4e22b9","name":"Karol K","description":"Karol Krol is a writer, content strategist, and WordPress figure-outer with over 20 years of experience rooted in website building and web technologies. With his expertise underpinned by a master\\'s degree in computer science, he authored \\\"WordPress Complete\\\" - the ultimate WordPress handbook for newbies. His work has been published across numerous industry websites. He leads the editorial team at Themeisle.","sameAs":["https:\/\/karol.cc\/","https:\/\/www.linkedin.com\/in\/karolkrol\/","https:\/\/www.pinterest.com\/carlosinho\/","https:\/\/x.com\/iamkarolk","https:\/\/www.youtube.com\/@wpworkshophq"],"url":"https:\/\/themeisle.com\/blog\/author\/karol-k\/"}]}},"_links":{"self":[{"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/posts\/71637","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/comments?post=71637"}],"version-history":[{"count":18,"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/posts\/71637\/revisions"}],"predecessor-version":[{"id":112180,"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/posts\/71637\/revisions\/112180"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/media\/112177"}],"wp:attachment":[{"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/media?parent=71637"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/categories?post=71637"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/tags?post=71637"},{"taxonomy":"hashtags","embeddable":true,"href":"https:\/\/themeisle.com\/blog\/wp-json\/wp\/v2\/hashtags?post=71637"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}