{"id":662,"date":"2023-05-13T10:19:51","date_gmt":"2023-05-13T03:19:51","guid":{"rendered":"https:\/\/dev.artru.eu.org\/?p=662"},"modified":"2023-08-21T17:37:25","modified_gmt":"2023-08-21T10:37:25","slug":"bao-mat-rest-api","status":"publish","type":"post","link":"https:\/\/artru.net\/en\/bao-mat-rest-api\/","title":{"rendered":"Securing the REST API in WordPress"},"content":{"rendered":"<h2 class=\"wp-block-heading\">Is it possible to disable the REST API?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">This is a question I have been thinking about for a long time. After learning about the API, I got the answer.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The REST API was fully integrated in WordPress version 4.7 (2016), so the WordPress admin functions depend on the API.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">However, you can use a filter to require that API requests come from a logged-in user. This effectively blocks unauthenticated external API access without affecting the admin account.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Insert PHP code to disable the REST API<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Insert the code into the functions.php file of the theme \/ child theme, or into mu-plugins (I use mu-plugins as the functions configuration file for the website).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>PHP code:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\" data-no-translation=\"\" data-no-auto-translation=\"\"><code data-no-translation=\"\" data-no-auto-translation=\"\">\/** Disable the REST API for users who are not logged in *\/\nadd_filter( 'rest_authentication_errors', function( $result ) {\n    if ( true === $result || is_wp_error( $result ) ) {\n        return $result;\n    }\n    if ( ! is_user_logged_in() ) {\n        return new WP_Error(\n            'rest_not_logged_in',\n            __( 'You are not currently logged in.' 
),\n            array( 'status' =&gt; 401 )\n        );\n    }\n    return $result;\n});<\/code><\/pre>","protected":false},"excerpt":{"rendered":"<p>Is it possible to disable the REST API? This is a question I have been thinking about for a long time. After learning about the API, I got the answer. The REST API was fully integrated in WordPress version 4.7 (2016). So the WordPress admin functions [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-662","post","type-post","status-publish","format-standard","hentry","category-website"],"_links":{"self":[{"href":"https:\/\/artru.net\/en\/wp-json\/wp\/v2\/posts\/662","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/artru.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/artru.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/artru.net\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/artru.net\/en\/wp-json\/wp\/v2\/comments?post=662"}],"version-history":[{"count":0,"href":"https:\/\/artru.net\/en\/wp-json\/wp\/v2\/posts\/662\/revisions"}],"wp:attachment":[{"href":"https:\/\/artru.net\/en\/wp-json\/wp\/v2\/media?parent=662"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/artru.net\/en\/wp-json\/wp\/v2\/categories?post=662"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/artru.net\/en\/wp-json\/wp\/v2\/tags?post=662"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}