{"id":662,"date":"2023-05-13T10:19:51","date_gmt":"2023-05-13T03:19:51","guid":{"rendered":"https:\/\/dev.artru.eu.org\/?p=662"},"modified":"2023-08-21T17:37:25","modified_gmt":"2023-08-21T10:37:25","slug":"bao-mat-rest-api","status":"publish","type":"post","link":"https:\/\/artru.net\/en\/bao-mat-rest-api\/","title":{"rendered":"Securing REST API in WordPress"},"content":{"rendered":"<h2 class=\"wp-block-heading\">Is it possible to disable the REST API?<\/h2>\n\n\n\n<p>This is the same question that I have been thinking about for a long time. After I learned about the API, I got the answer.<\/p>\n\n\n\n<p>The REST API was fully integrated into WordPress in version 4.7 (2016), so the WordPress admin functions depend on it.<\/p>\n\n\n\n<p>However, you can use a filter to require authentication for API requests. This effectively prevents external API access without affecting the admin account.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Insert PHP code to disable REST API<\/h2>\n\n\n\n<p>Insert the code into the functions.php file of the theme \/ child theme or into mu-plugins (I use mu-plugins as the functions configuration file for the website).<\/p>\n\n\n\n<p><strong>PHP code:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\" data-no-translation=\"\" data-no-auto-translation=\"\"><code data-no-translation=\"\" data-no-auto-translation=\"\">\/** Disable the REST API for users who are not logged in *\/\nadd_filter( 'rest_authentication_errors', function( $result ) {\n    if ( true === $result || is_wp_error( $result ) ) {\n        return $result;\n    }\n    if ( ! is_user_logged_in() ) {\n        return new WP_Error(\n            'rest_not_logged_in',\n            __( 'You are not currently logged in.' ),\n            array( 'status' =&gt; 401 )\n        );\n    }\n    return $result;\n});<\/code><\/pre>","protected":false},"excerpt":{"rendered":"<p>Is it possible to disable the REST API? 
This is the same question that I have been thinking about for a long time. After I learned about the API, I got the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-662","post","type-post","status-publish","format-standard","hentry","category-website"],"_links":{"self":[{"href":"https:\/\/artru.net\/en\/wp-json\/wp\/v2\/posts\/662","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/artru.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/artru.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/artru.net\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/artru.net\/en\/wp-json\/wp\/v2\/comments?post=662"}],"version-history":[{"count":0,"href":"https:\/\/artru.net\/en\/wp-json\/wp\/v2\/posts\/662\/revisions"}],"wp:attachment":[{"href":"https:\/\/artru.net\/en\/wp-json\/wp\/v2\/media?parent=662"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/artru.net\/en\/wp-json\/wp\/v2\/categories?post=662"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/artru.net\/en\/wp-json\/wp\/v2\/tags?post=662"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}