Descripción
The most comprehensive plugin for controlling access to the WordPress REST API!
Works as a “set it and forget it” install. Just upload and activate, and the entire REST API will be inaccessible to your general site visitors.
But if you do need to grant access to some endpoints, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints (or entire branches of endpoints) in the REST API.
You can even do this on a per-user-role basis, so your unauthenticated users have one set of rules while WooCommerce customers have another while Subscribers and Editors and Admins all have their own. NOTE: Out of the box, all defined user roles will still be granted full access to the REST API until you choose to manage those settings.
For most versions of WordPress, this plugin will return an authentication error if a user is not allowed to access an endpoint. For legacy support, WordPress 4.4, 4.5, and 4.6 use the provided rest_enabled
filter to disable the entire REST API.
Capturas de pantalla
Instalación
- Sube el directorio
disable-json-api
al directorio/wp-content/plugins/
mediante FTP - Alternatively, upload the
disable-json-api_v#.#.zip
file to the ‘Plugins->Add New’ page in your WordPress admin area - Activa el plugin desde el menú ‘Plugins’ de WordPress
FAQ
-
¿Cómo sé si este plugin está funcionando?
-
While logged into WordPress as any user, the REST API will function as intended. Because of this, you must use a new browser – or Chrome’s incognito mode – to test your website with a clean session. Go to yourdomain.com/wp-json/ (or yourdomain.com/?rest_route=/ if you have pretty permalinks disabled) while NOT LOGGED IN to test the results. You will see an authentication error returned if the plugin is active. “DRA: Only authenticated users can access the REST API.”
-
Does this plugin disable every REST API that is installed on my site?
-
This plugin is ONLY meant to disable endpoints accessible via the core REST API that is part of WordPress itself. If a plugin or theme has implemented their own REST API (not to be confused with implementing their own endpoints within the WordPress API) this plugin will have no effect.
Reseñas
Colaboradores & Desarrolladores
“Desactivar la REST API” es software de código abierto. Las siguientes personas han contribuido a este plugin.
Colaboradores“Desactivar la REST API” ha sido traducido en 14 idiomas. Gracias a los traductores por sus contribuciones.
Traduce “Desactivar la REST API” a tu idioma.
¿Interesado en el desarrollo?
Revisa el código, echa un vistazo al repositorio SVN, o suscríbete al registro de desarrollo por RSS .
Historial de cambios
1.8
- Tested up to WP v6.3
- Added
dra_error_message
filter so devs can customize the access error message - Fixed bug that caused fatal errors if activating plugin on installations running the LearnPress plugin
- Changed minimum requirements to PHP 5.6 (up from 5.3) and WordPress 4.9 (up from 4.4). Adding docblock comments to support minimums.
1.7
- Tested up to WP v5.8
- Replace use of filemtime() with plugin version number for static file enqueues. Props @tangrufus for bringing this up!
- Fixed logic bug for role-based default_allow rules. Props @msp1974 for the report!
- Few small code-style updates
1.6
- Tested up to WP v5.6
- Added support for managing endpoint access on a per-user-role basis
- Soooooooo many small changes behind the scenes to support the above
1.5.1
- Tested up to WP v5.5
1.5
- Tested up to WP v5.3
- Added enforcement for WordPress and PHP minimum version requirements
- Fixed minor bug to prevent unintended empty routes
- Minor text updates and adding textdomain to translation functions that didn’t have them
1.4.3
- Añadido
load_plugin_textdomain()
para i18n
1.4.2
- Solucionada incidencia que causaba desbloqueo no intencionado de endpoints cuando otro WP_Error existía antes que este plugin hiciera su trabajo
1.4.1
- Solucionada impresión de la URL en la página principal de Plugins en el Dashboard de WP
1.4
- Probado con WP v4.8
- Probado con PHP 5.3+
- Añadida página de ajustes
- Administradores del sitio pueden ahora añadir a la lista blanca rutas en las que deseen permitir acceso anónimo
- Añadido filtro
dra_allow_rest_api
a la comprobación is_logged_in(), para que los desarrolladores puedan tener más ajuste fino con los permisos - Gracias a @tangrufus por toda la ayuda recibida en esta versión
1.3
- Probado con WP v4.7
- Añadida nueva funcionalidad para mostrar errores de autenticación en 4.7+ para usuarios sin sesión iniciada
1.2
- Probado con WP v4.5
- Eliminado de acciones que publican información REST en la head y en la cabecera
1.1
- Actualizado para soportar los nuevos filtros creados en la API 2.0 beta
1.0
- Lanzamiento inicial