[wp-trac] [WordPress Trac] #39806: Disable REST API by default, making it opt-in rather than always-on
WordPress Trac
noreply at wordpress.org
Tue Feb 7 19:27:28 UTC 2017
#39806: Disable REST API by default, making it opt-in rather than always-on
-------------------------+------------------------------
Reporter: mor10 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: trunk
Severity: normal | Resolution:
Keywords: close | Focuses:
-------------------------+------------------------------
Changes (by jnylen0):
* keywords: => close
Comment:
Replying to [comment:4 mor10]:
> IMO that's an argument to tie REST API availability to user roles or
public/private demarcation line.
If you really want to disable the REST API on your site(s), this is our
current recommendation: restrict it to authenticated users. However, we
want to continue to increase adoption and usage of the REST API, and I
expect that even this modification will break more and more WP
functionality as time goes on, such as API-driven themes and embeds.
Still, here is one example of a plugin that follows this recommendation
for WP 4.7+: https://wordpress.org/plugins/disable-json-api/
There used to be a `rest_enabled` filter, however, we deprecated it in WP
4.7 when the endpoints shipped. As previously noted, lots more discussion
on #38446 where this change happened.
This ticket can be closed as `wontfix`, IMO.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39806#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list