Disable REST API - Version v1.5.1

Version Description

Download this release

Release Info

Developer dmchale
Plugin Icon 128x128 Disable REST API
Version v1.5.1
Comparing to
See all releases

Code changes from version v1.5 to v1.5.1

Files changed (2) hide show
  1. disable-json-api.php +1 -1
  2. readme.txt +12 -24
disable-json-api.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: Disable REST API
4
  * Plugin URI: http://www.binarytemplar.com/disable-json-api
5
  * Description: Disable the use of the REST API on your website to anonymous users
6
- * Version: 1.5
7
  * Author: Dave McHale
8
  * Author URI: http://www.binarytemplar.com
9
  * Text Domain: disable-json-api
3
  * Plugin Name: Disable REST API
4
  * Plugin URI: http://www.binarytemplar.com/disable-json-api
5
  * Description: Disable the use of the REST API on your website to anonymous users
6
+ * Version: 1.5.1
7
  * Author: Dave McHale
8
  * Author URI: http://www.binarytemplar.com
9
  * Text Domain: disable-json-api
readme.txt CHANGED
@@ -3,8 +3,8 @@ Contributors: dmchale, tangrufus
3
  Tags: admin, api, json, REST, rest-api, disable
4
  Requires at least: 4.4
5
  Requires PHP: 5.6
6
- Tested up to: 5.3
7
- Stable tag: 1.5
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
@@ -14,44 +14,29 @@ Disable the use of the REST API on your website to unauthenticated users.
14
 
15
  The most comprehensive plugin for controlling access to the WordPress REST API!
16
 
17
- Works as a "set it and forget it" install. Just upload and activate, and the entire REST API will be inaccessible to
18
- your site visitors. Or if you have a plugin or theme installed which needs some of its endpoints to be accessible to
19
- site visitors, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints - or
20
- entire branches of endpoints - registered with the REST API.
21
 
22
- The engine for the API has existed in WordPress since v4.4 and additional functionality and endpoints are a
23
- continual project. While this is very exciting news for many reasons, it is also not functionality that every site
24
- admin wants enabled on their website if not necessary.
25
 
26
- As of WordPress 4.7, the filters provided for disabling the REST API were removed. To compensate, this plugin will
27
- forcibly return an authentication error to any API requests from sources who are not logged into your website, which
28
- will effectively still prevent unauthorized requests from using the REST API to get information from your website.
29
 
30
- For WordPress versions 4.4, 4.5 and 4.6, this plugin makes use of the `rest_enabled` filter provided by the API to
31
- disable the API functionality. However, it is strongly recommended that all site owners run the most recent version
32
- of WordPress except where absolutely necessary.
33
 
34
  == Installation ==
35
 
36
  1. Upload the `disable-json-api` directory to the `/wp-content/plugins/` directory via FTP
37
- 1. Alternatively, upload the `disable-json-api_v#.#.zip` file to the 'Plugins->Add New' page in your WordPress admin
38
- area
39
  1. Activate the plugin through the 'Plugins' menu in WordPress
40
 
41
  == Frequently Asked Questions ==
42
 
43
  = How do I know if this plugin is working? =
44
 
45
- While logged into WordPress as any user, the REST API will function as intended. Because of this, you must use a new
46
- browser - or Chrome's incognito mode - to test your website with a clean session. Go to yourdomain.com/wp-json/ (or
47
- yourdomain.com/?rest_route=/ if you have pretty permalinks disabled) while NOT LOGGED IN to test the results. You will
48
- see an authentication error returned if the plugin is active. "DRA: Only authenticated users can access the REST API."
49
 
50
  = Does this plugin disable all REST API's installed? =
51
 
52
- This plugin is ONLY meant to disable endpoints accessible via the default REST API that is part of WordPress itself. If
53
- a plugin or theme chooses to register its namespace with the core REST API, its endpoints will - by default - by
54
- disabled so long as this plugin is active. Namespaces and routes may be whitelisted via this plugin's Settings page.
55
 
56
  == Screenshots ==
57
 
@@ -61,6 +46,9 @@ disabled so long as this plugin is active. Namespaces and routes may be whitelis
61
 
62
  == Changelog ==
63
 
 
 
 
64
  = 1.5 =
65
  * Tested up to WP v5.3
66
  * Added enforcement for WordPress and PHP minimum version requirements
3
  Tags: admin, api, json, REST, rest-api, disable
4
  Requires at least: 4.4
5
  Requires PHP: 5.6
6
+ Tested up to: 5.5
7
+ Stable tag: 1.5.1
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
14
 
15
  The most comprehensive plugin for controlling access to the WordPress REST API!
16
 
17
+ Works as a "set it and forget it" install. Just upload and activate, and the entire REST API will be inaccessible to your site visitors. Or if you have a plugin or theme installed which needs some of its endpoints to be accessible to site visitors, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints - or entire branches of endpoints - registered with the REST API.
 
 
 
18
 
19
+ The engine for the API has existed in WordPress since v4.4 and additional functionality and endpoints are a continual project. While this is very exciting news for many reasons, it is also not functionality that every site admin wants enabled on their website if not necessary.
 
 
20
 
21
+ As of WordPress 4.7, the filters provided for disabling the REST API were removed. To compensate, this plugin will forcibly return an authentication error to any API requests from sources who are not logged into your website, which will effectively still prevent unauthorized requests from using the REST API to get information from your website.
 
 
22
 
23
+ For WordPress versions 4.4, 4.5 and 4.6, this plugin makes use of the `rest_enabled` filter provided by the API to disable the API functionality. However, it is strongly recommended that all site owners run the most recent version of WordPress except where absolutely necessary.
 
 
24
 
25
  == Installation ==
26
 
27
  1. Upload the `disable-json-api` directory to the `/wp-content/plugins/` directory via FTP
28
+ 1. Alternatively, upload the `disable-json-api_v#.#.zip` file to the 'Plugins->Add New' page in your WordPress admin area
 
29
  1. Activate the plugin through the 'Plugins' menu in WordPress
30
 
31
  == Frequently Asked Questions ==
32
 
33
  = How do I know if this plugin is working? =
34
 
35
+ While logged into WordPress as any user, the REST API will function as intended. Because of this, you must use a new browser - or Chrome's incognito mode - to test your website with a clean session. Go to yourdomain.com/wp-json/ (or yourdomain.com/?rest_route=/ if you have pretty permalinks disabled) while NOT LOGGED IN to test the results. You will see an authentication error returned if the plugin is active. "DRA: Only authenticated users can access the REST API."
 
 
 
36
 
37
  = Does this plugin disable all REST API's installed? =
38
 
39
+ This plugin is ONLY meant to disable endpoints accessible via the default REST API that is part of WordPress itself. If a plugin or theme chooses to register its namespace with the core REST API, its endpoints will - by default - by disabled so long as this plugin is active. Namespaces and routes may be whitelisted via this plugin's Settings page.
 
 
40
 
41
  == Screenshots ==
42
 
46
 
47
  == Changelog ==
48
 
49
+ = 1.5.1 =
50
+ * Tested up to WP v5.5
51
+
52
  = 1.5 =
53
  * Tested up to WP v5.3
54
  * Added enforcement for WordPress and PHP minimum version requirements