Title: Disable WP REST API
Author: Jeff Starr
Published: <strong>6. Juni 2018</strong>
Last modified: 22. April 2026

---

Plugins suchen

![](https://ps.w.org/disable-wp-rest-api/assets/icon-256x256.png?rev=1926021)

# Disable WP REST API

 Von [Jeff Starr](https://profiles.wordpress.org/specialk/)

[Herunterladen](https://downloads.wordpress.org/plugin/disable-wp-rest-api.2.6.8.zip)

 * [Details](https://de.wordpress.org/plugins/disable-wp-rest-api/#description)
 * [Rezensionen](https://de.wordpress.org/plugins/disable-wp-rest-api/#reviews)
 *  [Installation](https://de.wordpress.org/plugins/disable-wp-rest-api/#installation)
 * [Entwicklung](https://de.wordpress.org/plugins/disable-wp-rest-api/#developers)

 [Support](https://wordpress.org/support/plugin/disable-wp-rest-api/)

## Beschreibung

**Does one thing:** Completely disables the WordPress REST API for visitors who 
are not logged into WordPress. No configuration required.

**Important:** This plugin completely disables the WP REST API for visitors who 
are NOT logged in to WordPress. So not recommended if your site needs the WP REST
API for any non-logged users.

👉 The fast, simple way to prevent abuse of your site’s REST/JSON API
 👉 Protects
your site’s REST data from all non-logged users and bots 👉 Uses only 4KB of code,
so super lightweight, fast, and effective

🛠️ Pro version available! [Check out REST Pro Tools »](https://plugin-planet.com/rest-pro-tools/)

### Funktionen

 * Disable REST/JSON for visitors (not logged in)
 * Disables REST header in HTTP response for all users
 * Disables REST links in HTML head for all users
 * 100% plug-and-play, set-it-and-forget solution

**How does it work?**

This plugin completely disables the WP REST API _unless_ the user is logged into
WordPress.

 * For logged-in (authenticated) users, WP REST API works normally
 * For logged-out (unauthenticated) users, WP REST API is disabled

What happens if logged-out visitor makes a JSON/REST request? They will get only
a simple message:

    ```
    rest_login_required: REST API restricted to authenticated users.
    ```

This message may customized via the filter hook, `disable_wp_rest_api_error`. Check
out [this post](https://wordpress.org/support/topic/not-entirely-for-non-techies/#post-12014965)
for an example of how to do it.

### Pro Version

🛠️ Check out the Pro version, [REST Pro Tools](https://plugin-planet.com/rest-pro-tools/),
loaded with many awesome features:

 * One-click disable all routes
 * One-click disable all /users routes
 * Disable any specific user routes based on role
 * Whitelist any user IDs
 * Whitelist any IP addresses
 * Customize the REST error message
 * Customize the REST response code
 * Always require or force SSL/TLS
 * Disable all JSONP shenanigans
 * One-click disable any REST API headers
 * Add any post meta (custom field) to REST API
 * Add any user meta (custom field) to REST API
 * Add routes for site profile and author profile
 * Add routes for featured images and post categories
 * Add routes for post taxonomies and terms
 * At-a-glance check status of REST API

The free version does only one thing: disables REST API for unauthenticated users.
The PRO version can do that and much more! Take full control of the REST API with
[REST Pro Tools »](https://plugin-planet.com/rest-pro-tools/)

### Datenschutz

Dieses Plugin sammelt und speichert keine Benutzerdaten. Es setzt keine Cookies 
und es verbindet sich zu keinen Drittanbietern. Daher beeinträchtigt dieses Plugin
die Privatsphäre des Benutzers in keiner Weise. Wenn überhaupt, dann _verbessert_
es die Privatsphäre des Benutzers, da es potenziell sensible Informationen vor der
Anzeige/Aufruf durch die RESP API schützt.

Disable WP REST API is developed and maintained by [Jeff Starr](https://x.com/perishable),
15-year [WordPress developer](https://plugin-planet.com/) and [book author](https://books.perishablepress.com/).

### Support development of this plugin

I develop and maintain this free plugin with love for the WordPress community. To
show support, you can [make a donation](https://monzillamedia.com/donate.html) or
purchase one of my books:

 * [The Tao of WordPress](https://wp-tao.com/)
 * [Digging into WordPress](https://digwp.com/)
 * [.htaccess made easy](https://htaccessbook.com/)
 * [WordPress Themes In Depth](https://wp-tao.com/wordpress-themes-book/)
 * [Wizard’s SQL Recipes for WordPress](https://books.perishablepress.com/downloads/wizards-collection-sql-recipes-wordpress/)

And/or purchase one of my premium WordPress plugins:

 * [BBQ Pro](https://plugin-planet.com/bbq-pro/) – Blazing fast WordPress firewall
 * [Blackhole Pro](https://plugin-planet.com/blackhole-pro/) – Automatically block
   bad bots
 * [Banhammer Pro](https://plugin-planet.com/banhammer-pro/) – Monitor traffic and
   ban the bad guys
 * [GA Google Analytics Pro](https://plugin-planet.com/ga-google-analytics-pro/)–
   Connect WordPress to Google Analytics
 * [Head Meta Pro](https://plugin-planet.com/head-meta-pro/) – Ultimate Meta Tags
   for WordPress
 * [REST Pro Tools](https://plugin-planet.com/rest-pro-tools/) – Awesome tools for
   managing the WP REST API
 * [Simple Ajax Chat Pro](https://plugin-planet.com/simple-ajax-chat-pro/) – Unlimited
   chat rooms
 * [USP Pro](https://plugin-planet.com/usp-pro/) – Unlimited front-end forms

Links, tweets and likes also appreciated. Thank you! 🙂

## Installation

**How to Install**

 1. Upload the plugin to your blog and activate
 2. Done! No further configuration is required.

[More info on installing WP plugins](https://wordpress.org/documentation/article/manage-plugins/#installing-plugins-1)

**Testing**

To test that the plugin is working, log out of WordPress and then request `https://
example.com/wp-json/` in a browser. See FAQs for more infos.

**Pro Version**

Need more control of the WP REST API? [Check out the Pro version »](https://plugin-planet.com/rest-pro-tools/)

**Gefällt dir das Plugin?**

If you like Disable WP REST API, please take a moment to [give a 5-star rating](https://wordpress.org/support/plugin/disable-wp-rest-api/reviews/?rate=5#new-post).
It helps to keep development and support going strong. Thank you!

**Uninstalling**

To uninstall/remove the plugin, visit the Plugins screen, deactivate and delete 
the plugin. This plugin makes no changes to the WP database.

## FAQ

### Why would anyone want to disable the REST API?

Technically this plugin disables REST API only for visitors who are **not** logged
into WordPress. With that in mind, here are some good reasons why someone would 
want to disable REST API for non-logged users:

 * The REST API may not be needed for non-logged users
 * Disabling the REST API conserves server resources
 * Disabling the REST API minimizes potential attack vectors
 * Disabling the REST API prevents content scraping and plagiarism

I’m sure there are [other valid reasons](https://digwp.com/2018/08/secure-wp-rest-api/),
but you get the idea 🙂

### What is the default access-denied message?

When the user is logged in to WordPress, the normal REST API data will be displayed.
When the user is _not_ logged in, this is the default message:

    ```
    {"code":"rest_login_required","message":"REST API restricted to authenticated users.","data":{"status":401}}
    ```

### How do I test that REST is disabled?

Testing is easy:

 1. Von WordPress abmelden
 2. Using a browser, request `https://example.com/wp-json/`

If you see the following message, REST is disabled:

„rest_login_required: REST API restricted to authenticated users.“

Then if you log back in and make a new request for `https://example.com/wp-json/`,
you will see that REST is working normally.

### Does it disable REST functionality added by other plugins?

Yes. If the user is NOT logged in, this plugin disables ALL endpoints that are registered
with the WP REST API. Otherwise, if the user IS logged in, then this plugin does
not block anything.

### Funktioniert es mit dem Gutenberg/Block Editor?

Yes. It works the same regardless of which editor (Classic or Block) you are using.

### Wie kannst du die Fehlermeldung anpassen?

By default the plugin displays a message for unauthenticated users: „REST API restricted
to authenticated users.“ To customize that message to whatever you want, add the
following code via functions.php or simple [custom plugin](https://digwp.com/2022/02/custom-code-wordpress/):

    ```
    function disable_wp_rest_api_error_custom($message) {

        return 'Customize your message here.'; // change this to whatever you want

    }
    add_filter('disable_wp_rest_api_error', 'disable_wp_rest_api_error_custom');
    ```

### Wie wird der Zugriff für Contact Form 7 zugelassen?

As explained in this [thread](https://wordpress.org/support/topic/contact-forrm-7-bypass-solution/),
the plugin Contact Form 7 requires REST API access in order for the contact form
to work. To allow for this, follow [this guide](https://perishablepress.com/contact-form-7-disable-wp-rest-api/).

### Hast du Fragen?

Sende Fragen und Feedback über mein [Kontaktformular](https://plugin-planet.com/support/#contact)

## Rezensionen

![](https://secure.gravatar.com/avatar/5299e088badf21e6a4a7497b5bb225b1b63b4440db14993cb1102c152054a1a7?
s=60&d=retro&r=g)

### 󠀁[good job](https://wordpress.org/support/topic/good-job-1885/)󠁿

 [pftsoi](https://profiles.wordpress.org/pftsoi/) 8. September 2025

good job

![](https://secure.gravatar.com/avatar/53b876447630c744e5562cd4b3985514b6b317784f4168cf8ca2c954753f6306?
s=60&d=retro&r=g)

### 󠀁[Very simple and effective](https://wordpress.org/support/topic/very-simple-and-effective-29/)󠁿

 [terrymason](https://profiles.wordpress.org/terrymason/) 19. November 2024

just activate the plugin and it works.

![](https://secure.gravatar.com/avatar/7bdeae3e3f899915da10e6e0eb8e58857d8237d099681d86feaa7b8c52115398?
s=60&d=retro&r=g)

### 󠀁[I like it!](https://wordpress.org/support/topic/i-like-it-1043/)󠁿

 [wildstar2022](https://profiles.wordpress.org/wildstar2022/) 6. Mai 2024

I’ve tried many different solutions using functions.php because I did not want to
install yet another plugin. I’m glad I found this one though. It’s simple, lightweight,
maintains privacy, and functions with the latest version of WordPress. Thanks Jeff!

![](https://secure.gravatar.com/avatar/9c7be41168a828b3275c2a320c1b629708f7a7af499541029a40e662b9320a3e?
s=60&d=retro&r=g)

### 󠀁[Good Stuff – but make many other things more complicate](https://wordpress.org/support/topic/good-stuff-but-make-many-other-things-more-complicate/)󠁿

 [metaeditor](https://profiles.wordpress.org/metaeditor/) 29. März 2023

In generel a Good security concept . But at the other end many plugin developer 
use the Rest API Could be done much easier with a 5 3 line htaccess rule to block
only ^.*wp-json/wp/v2/(users But anyway a good solution if you have a simpel installation.

![](https://secure.gravatar.com/avatar/4c485a16524f42bc4f2f4f13b4f0dc22ee6a42fe669182a6ecdd8d7a1ab96a49?
s=60&d=retro&r=g)

### 󠀁[Blocks Contact Form 7 forms sending](https://wordpress.org/support/topic/blocks-contact-form-7-forms-sending/)󠁿

 [Hendrik57](https://profiles.wordpress.org/hendrik57/) 12. Februar 2023 6 Antworten

As the title says: Blocks Contact Form 7 forms sending after install and activate.

![](https://secure.gravatar.com/avatar/dd8cef4c70bb3a14f5922eb54c92a8166947a303f44eb4a89a954cee4defad6f?
s=60&d=retro&r=g)

### 󠀁[Super simple plugin](https://wordpress.org/support/topic/super-plugin-1132/)󠁿

 [tinaponting](https://profiles.wordpress.org/ponting/) 29. Dezember 2024

Great plugin, takes nopower from the blog:)

 [ Alle 36 Rezensionen lesen ](https://wordpress.org/support/plugin/disable-wp-rest-api/reviews/)

## Mitwirkende und Entwickler

„Disable WP REST API“ ist Open-Source-Software. Folgende Menschen haben an diesem
Plugin mitgewirkt:

Mitwirkende

 *   [ Jeff Starr ](https://profiles.wordpress.org/specialk/)

„Disable WP REST API“ wurde in 8 Sprachen übersetzt. Danke an [die Übersetzer](https://translate.wordpress.org/projects/wp-plugins/disable-wp-rest-api/contributors)
für ihre Mitwirkung.

[Übersetze „Disable WP REST API“ in deine Sprache.](https://translate.wordpress.org/projects/wp-plugins/disable-wp-rest-api)

### Interessiert an der Entwicklung?

[Durchstöbere den Code](https://plugins.trac.wordpress.org/browser/disable-wp-rest-api/),
sieh dir das [SVN-Repository](https://plugins.svn.wordpress.org/disable-wp-rest-api/)
an oder abonniere das [Entwicklungsprotokoll](https://plugins.trac.wordpress.org/log/disable-wp-rest-api/)
per [RSS](https://plugins.trac.wordpress.org/log/disable-wp-rest-api/?limit=100&mode=stop_on_copy&format=rss).

## Änderungsprotokoll

If you like Disable WP REST API, please take a moment to [give a 5-star rating](https://wordpress.org/support/plugin/disable-wp-rest-api/reviews/?rate=5#new-post).
It helps to keep development and support going strong. Thank you!

> 🛠️ Pro version now available! Get granular control over the REST API with [REST Pro Tools »](https://plugin-planet.com/rest-pro-tools/)

#### 2.6.8

 * Improves readme.txt documentation
 * Adds blurb about new pro version
 * Tests on WordPress 7.0

Full changelog @ [https://plugin-planet.com/wp/changelog/disable-wp-rest-api.txt](https://plugin-planet.com/wp/changelog/disable-wp-rest-api.txt)

## Meta

 *  Version **2.6.8**
 *  Zuletzt aktualisiert **vor 1 Monat**
 *  Aktive Installationen **30.000+**
 *  WordPress-Version ** 4.7 oder höher **
 *  Getestet bis **7.0**
 *  PHP-Version ** 5.6.20 oder höher **
 *  Sprachen
 * [Chinese (China)](https://cn.wordpress.org/plugins/disable-wp-rest-api/), [Chinese (Taiwan)](https://tw.wordpress.org/plugins/disable-wp-rest-api/),
   [Dutch](https://nl.wordpress.org/plugins/disable-wp-rest-api/), [English (US)](https://wordpress.org/plugins/disable-wp-rest-api/),
   [German](https://de.wordpress.org/plugins/disable-wp-rest-api/), [Italian](https://it.wordpress.org/plugins/disable-wp-rest-api/),
   [Russian](https://ru.wordpress.org/plugins/disable-wp-rest-api/), [Spanish (Chile)](https://cl.wordpress.org/plugins/disable-wp-rest-api/)
   und [Ukrainian](https://uk.wordpress.org/plugins/disable-wp-rest-api/).
 *  [Übersetze in deine Sprache](https://translate.wordpress.org/projects/wp-plugins/disable-wp-rest-api)
 * Schlagwörter
 * [api](https://de.wordpress.org/plugins/tags/api/)[disable](https://de.wordpress.org/plugins/tags/disable/)
   [JSON](https://de.wordpress.org/plugins/tags/json/)[rest](https://de.wordpress.org/plugins/tags/rest/)
   [rest-api](https://de.wordpress.org/plugins/tags/rest-api/)
 *  [Erweiterte Ansicht](https://de.wordpress.org/plugins/disable-wp-rest-api/advanced/)

## Bewertungen

 4.8 von 5 Sternen.

 *  [  34 5-Sterne-Rezensionen     ](https://wordpress.org/support/plugin/disable-wp-rest-api/reviews/?filter=5)
 *  [  0 4-Sterne-Rezensionen     ](https://wordpress.org/support/plugin/disable-wp-rest-api/reviews/?filter=4)
 *  [  1 3-Sterne-Rezension     ](https://wordpress.org/support/plugin/disable-wp-rest-api/reviews/?filter=3)
 *  [  0 2-Sterne-Rezensionen     ](https://wordpress.org/support/plugin/disable-wp-rest-api/reviews/?filter=2)
 *  [  1 1-Sterne-Rezension     ](https://wordpress.org/support/plugin/disable-wp-rest-api/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/disable-wp-rest-api/reviews/#new-post)

[Alle Rezensionen anzeigen](https://wordpress.org/support/plugin/disable-wp-rest-api/reviews/)

## Mitwirkende

 *   [ Jeff Starr ](https://profiles.wordpress.org/specialk/)

## Support

Möchtest du etwas mitteilen? Brauchst du Unterstützung?

 [Support-Forum anzeigen](https://wordpress.org/support/plugin/disable-wp-rest-api/)

## Spenden

Möchtest du die Weiterentwicklung dieses Plugins unterstützen?

 [ Für dieses Plugin spenden ](https://monzillamedia.com/donate.html)