JSON REST API – the term is much more popular among developers. It is a feature on WordPress to GET requests. The JSON REST API is a pretty useful feature to build Apps with the WordPress platform. For example, if you want to build an Android or iOS app related to your blog, the JSON REST API is a must for the GET requests from your site to the app. It fetches the data from the WordPress site to your App. It is a data converter between two different platforms.
The below image shows an example of a WordPress REST API output.
From the 4.4 version, WordPress added the JSON REST API to its core. Unless you are a developer, the feature is not useful for normal users. If you are not aware of this or not using the feature, it is better to disable it from your WordPress site. It is potentially harmful to your website indirectly, it is vulnerable to a new type of DDoS attacks.
Steps to Disable JSON REST API in WordPress
Disabling JSON REST API is an easy process. You can easily disable it by adding a code in your WordPress site theme’s functions.php file. Add the following code to your theme functions file.
add_filter('json_enabled', '__return_false');
add_filter('json_jsonp_enabled', '__return_false')For those who are unable to edit the functions.php file to add the code, we have a Plugin to deactivate it. Disable JSON API is a WordPress plugin that disables JSON after its activation. It starts working after installation and no settings or any tweaks are required.
I hope this article is useful to disable JSON REST API from WordPress.
FAQs
These are some of the most commonly asked questions about disabling JSON API in WordPress –
The API in itself is not bad for your website. However, if you are not using it. Disabling the JSON API might improve the security a slight amount. This is because the JSON endpoints will no longer work and no one else could get access to your website using those endpoints.
Yes. You can enable the JSON API anytime you would like. If you used the above code method, you can simply remove that from your functions.php file. If you followed the plugin method, you can disable the plugin. The JSON API will be accessible again.