Title: Disable WP REST API
Author: Jeff Starr
Published: June 6, 2018
Last modified: April 22, 2026

---


# Disable WP REST API

 By [Jeff Starr](https://profiles.wordpress.org/specialk/)

[Download](https://downloads.wordpress.org/plugin/disable-wp-rest-api.2.6.8.zip)


## Description

**Does one thing:** Completely disables the WordPress REST API for visitors who 
are not logged into WordPress. No configuration required.

**Important:** This plugin completely disables the WP REST API for visitors who
are NOT logged in to WordPress. It is therefore not recommended if your site needs
the WP REST API for any non-logged users.

 * 👉 The fast, simple way to prevent abuse of your site’s REST/JSON API
 * 👉 Protects your site’s REST data from all non-logged users and bots
 * 👉 Uses only 4KB of code, so super lightweight, fast, and effective

🛠️ Pro version available! [Check out REST Pro Tools »](https://plugin-planet.com/rest-pro-tools/)

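### Features

 * Disables REST/JSON for visitors (not logged in)
 * Disables the REST header in HTTP responses for all users
 * Disables the REST links in the HTML head for all users
 * 100% plug-and-play, set-it-and-forget solution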

**How does it work?**

This plugin completely disables the WP REST API _unless_ the user is logged into
WordPress.

 * For logged-in (authenticated) users, WP REST API works normally
 * For logged-out (unauthenticated) users, WP REST API is disabled

What happens if a logged-out visitor makes a JSON/REST request? They simply receive a short message:

```
rest_login_required: REST API restricted to authenticated users.
```

This message may be customized via the filter hook, `disable_wp_rest_api_error`. Check
out [this post](https://wordpress.org/support/topic/not-entirely-for-non-techies/#post-12014965)
for an example of how to do it.

### Pro Version

🛠️ Check out the Pro version, [REST Pro Tools](https://plugin-planet.com/rest-pro-tools/),
loaded with many awesome features:

 * One-click disable all routes
 * One-click disable all /users routes
 * Disable any specific user routes based on role
 * Whitelist any user IDs
 * Whitelist any IP addresses
 * Customize the REST error message
 * Customize the REST response code
 * Always require or force SSL/TLS
 * Disable all JSONP shenanigans
 * One-click disable any REST API headers
 * Add any post meta (custom field) to REST API
 * Add any user meta (custom field) to REST API
 * Add routes for site profile and author profile
 * Add routes for featured images and post categories
 * Add routes for post taxonomies and terms
 * At-a-glance check status of REST API

The free version does only one thing: disables REST API for unauthenticated users.
The PRO version can do that and much more! Take full control of the REST API with
[REST Pro Tools »](https://plugin-planet.com/rest-pro-tools/)

### Privacy

This plugin does not collect or store any user data. It does not set any cookies,
and it does not connect to any third-party locations. Thus, this plugin does not
affect user privacy in any way. If anything it _improves_ user privacy, as it protects
potentially sensitive information from being displayed/accessed via REST API.

Disable WP REST API is developed and maintained by [Jeff Starr](https://x.com/perishable),
15-year [WordPress developer](https://plugin-planet.com/) and [book author](https://books.perishablepress.com/).

### Support development of this plugin

I develop and maintain this free plugin with love for the WordPress community. To
show support, you can [make a donation](https://monzillamedia.com/donate.html) or
purchase one of my books:

 * [The Tao of WordPress](https://wp-tao.com/)
 * [Digging into WordPress](https://digwp.com/)
 * [.htaccess made easy](https://htaccessbook.com/)
 * [WordPress Themes In Depth](https://wp-tao.com/wordpress-themes-book/)
 * [Wizard’s SQL Recipes for WordPress](https://books.perishablepress.com/downloads/wizards-collection-sql-recipes-wordpress/)

And/or purchase one of my premium WordPress plugins:

 * [BBQ Pro](https://plugin-planet.com/bbq-pro/) – Blazing fast WordPress firewall
 * [Blackhole Pro](https://plugin-planet.com/blackhole-pro/) – Automatically block
   bad bots
 * [Banhammer Pro](https://plugin-planet.com/banhammer-pro/) – Monitor traffic and
   ban the bad guys
 * [GA Google Analytics Pro](https://plugin-planet.com/ga-google-analytics-pro/) –
   Connect WordPress to Google Analytics
 * [Head Meta Pro](https://plugin-planet.com/head-meta-pro/) – Ultimate Meta Tags
   for WordPress
 * [REST Pro Tools](https://plugin-planet.com/rest-pro-tools/) – Awesome tools for
   managing the WP REST API
 * [Simple Ajax Chat Pro](https://plugin-planet.com/simple-ajax-chat-pro/) – Unlimited
   chat rooms
 * [USP Pro](https://plugin-planet.com/usp-pro/) – Unlimited front-end forms

Links, tweets and likes also appreciated. Thank you! 🙂

## Installation

**Installing the plugin**

 1. Upload the plugin to your blog and activate it
 2. Done! No further configuration is required.

[More info on installing WP plugins](https://wordpress.org/documentation/article/manage-plugins/#installing-plugins-1)

**Testing**

To test that the plugin is working, log out of WordPress and then request
`https://example.com/wp-json/` in a browser. See the FAQ for more information.

**Pro Version**

Need more control of the WP REST API? [Check out the Pro version »](https://plugin-planet.com/rest-pro-tools/)

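**Like the plugin?**

If you like Disable WP REST API, please take a moment to [give it a 5-star rating](https://wordpress.org/support/plugin/disable-wp-rest-api/reviews/?rate=5#new-post).
It helps to keep development and support going strong. Thank you!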

**Uninstalling**

To uninstall/remove the plugin, visit the Plugins screen, deactivate and delete 
the plugin. This plugin makes no changes to the WP database.

## FAQ

### Why would anyone want to disable the REST API?

Technically this plugin disables REST API only for visitors who are **not** logged
into WordPress. With that in mind, here are some good reasons why someone would 
want to disable REST API for non-logged users:

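 * Non-logged users may not need the REST API
 * Disabling the REST API saves server resources
 * Disabling the REST API minimizes potential attack vectors
 * Disabling the REST API prevents content scraping and plagiarism

I'm sure there are [other valid reasons](https://digwp.com/2018/08/secure-wp-rest-api/), but you get
the idea :)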

### What is the default access-denied message?

When the user is logged in to WordPress, the normal REST API data will be displayed.
When the user is _not_ logged in, this is the default message:

```
{"code":"rest_login_required","message":"REST API restricted to authenticated users.","data":{"status":401}}
```

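### How to test that REST is disabled?

Testing is easy:

 1. Log out of WordPress
 2. Using a browser, request `https://example.com/wp-json/`

If you see the following message, REST is disabled:

“rest_login_required: REST API restricted to authenticated users.”

Then, if you log back in and make a new request for `https://example.com/wp-json/`, you will see that REST is working
normally.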
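
The logged-out test above can also be scripted. This is an added example, not code from the plugin or its author: the names `assess` and `fetch` and the two sample responses are constructed for illustration, and the `https://api.w.org/` link relation is the one WordPress core uses for REST discovery.

```python
import json
import urllib.error
import urllib.request

REST_REL = "https://api.w.org/"  # rel value WordPress core uses for REST discovery links


def assess(status, headers, body):
    """Return a list of findings; an empty list means REST looks closed to anonymous clients."""
    findings = []
    try:
        payload = json.loads(body)
    except ValueError:
        payload = None
    if not isinstance(payload, dict):
        payload = {}
    if status != 401:
        findings.append(f"expected HTTP 401, got {status}")
    # The message text can be changed via the filter hook, so match on the code instead.
    if payload.get("code") != "rest_login_required":
        findings.append("body does not carry code rest_login_required")
    if "routes" in payload or "namespaces" in payload:
        findings.append("API index (routes/namespaces) exposed to anonymous client")
    for name, value in headers:
        if name.lower() == "link" and REST_REL in value:
            findings.append("REST discovery Link header still sent")
    return findings


def fetch(url):
    """Anonymous GET (no cookies, no auth); 4xx replies are returned, not raised."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.getheaders(), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, list(err.headers.items()), err.read().decode("utf-8", "replace")


# Constructed sample responses (not captured from a real site).
BLOCKED = (401, [("Content-Type", "application/json; charset=UTF-8")],
           '{"code":"rest_login_required","message":"REST API restricted to '
           'authenticated users.","data":{"status":401}}')
OPEN = (200, [("Link", '<https://example.com/wp-json/>; rel="https://api.w.org/"')],
        '{"name":"Example","namespaces":["wp/v2"],"routes":{"/":{}}}')

if __name__ == "__main__":
    for label, sample in (("blocked", BLOCKED), ("open", OPEN)):
        print(label, assess(*sample) or "OK")
    # Live check against your own site: print(assess(*fetch("https://example.com/wp-json/")))
```

Run it on a schedule against your own site to catch the case where the plugin is deactivated or another plugin reopens the API.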

### Does it disable REST functionality added by other plugins?

Yes. If the user is NOT logged in, this plugin disables ALL endpoints that are registered
with the WP REST API. Otherwise, if the user IS logged in, then this plugin does
not block anything.

### Does this work with Gutenberg/Block Editor?

Yes. It works the same regardless of which editor (Classic or Block) you are using.

### How to customize the error message?

By default the plugin displays a message for unauthenticated users: “REST API restricted
to authenticated users.” To customize that message to whatever you want, add the
following code via functions.php or simple [custom plugin](https://digwp.com/2022/02/custom-code-wordpress/):

```
function disable_wp_rest_api_error_custom($message) {

    return 'Customize your message here.'; // change this to whatever you want

}
add_filter('disable_wp_rest_api_error', 'disable_wp_rest_api_error_custom');
```

### How to allow access for Contact Form 7?

As explained in this [thread](https://wordpress.org/support/topic/contact-forrm-7-bypass-solution/),
the plugin Contact Form 7 requires REST API access in order for the contact form
to work. To allow for this, follow [this guide](https://perishablepress.com/contact-form-7-disable-wp-rest-api/).

### Got a question?

Send any questions or feedback via my [contact form](https://plugin-planet.com/support/#contact)

## Reviews

### [good job](https://wordpress.org/support/topic/good-job-1885/)

 [pftsoi](https://profiles.wordpress.org/pftsoi/) September 8, 2025

good job

### [Very simple and effective](https://wordpress.org/support/topic/very-simple-and-effective-29/)

 [terrymason](https://profiles.wordpress.org/terrymason/) November 19, 2024

just activate the plugin and it works.

### [I like it!](https://wordpress.org/support/topic/i-like-it-1043/)

 [wildstar2022](https://profiles.wordpress.org/wildstar2022/) May 6, 2024

I’ve tried many different solutions using functions.php because I did not want to
install yet another plugin. I’m glad I found this one though. It’s simple, lightweight,
maintains privacy, and functions with the latest version of WordPress. Thanks Jeff!

### [Good Stuff – but make many other things more complicate](https://wordpress.org/support/topic/good-stuff-but-make-many-other-things-more-complicate/)

 [metaeditor](https://profiles.wordpress.org/metaeditor/) March 29, 2023

In general a good security concept. But at the other end many plugin developers
use the REST API. Could be done much easier with a 5 3 line htaccess rule to block
only ^.*wp-json/wp/v2/(users But anyway a good solution if you have a simple installation.

### [Blocks Contact Form 7 forms sending](https://wordpress.org/support/topic/blocks-contact-form-7-forms-sending/)

 [Hendrik57](https://profiles.wordpress.org/hendrik57/) February 12, 2023, 6 replies

As the title says: Blocks Contact Form 7 forms sending after install and activate.

### [Super simple plugin](https://wordpress.org/support/topic/super-plugin-1132/)

 [tinaponting](https://profiles.wordpress.org/ponting/) December 29, 2024

Great plugin, takes no power from the blog:)

 [Read all 36 reviews](https://wordpress.org/support/plugin/disable-wp-rest-api/reviews/)

## Contributors & Developers

“Disable WP REST API” is open source software. The following people have contributed to this plugin.

Contributors

 * [Jeff Starr](https://profiles.wordpress.org/specialk/)

“Disable WP REST API” has been translated into 8 locales. Thank you to [the translators](https://translate.wordpress.org/projects/wp-plugins/disable-wp-rest-api/contributors)
for their contributions.

[Help translate “Disable WP REST API” into Simplified Chinese.](https://translate.wordpress.org/projects/wp-plugins/disable-wp-rest-api)

### Interested in development?

You can [browse the code](https://plugins.trac.wordpress.org/browser/disable-wp-rest-api/),
check out the [SVN repository](https://plugins.svn.wordpress.org/disable-wp-rest-api/), or subscribe to the
[development log](https://plugins.trac.wordpress.org/log/disable-wp-rest-api/) by [RSS](https://plugins.trac.wordpress.org/log/disable-wp-rest-api/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

> 🛠️ Pro version now available! Get granular control over the REST API with [REST Pro Tools »](https://plugin-planet.com/rest-pro-tools/)

#### 2.6.8

 * Improves readme.txt documentation
 * Adds blurb about new pro version
 * Tests on WordPress 7.0

Full changelog @ [https://plugin-planet.com/wp/changelog/disable-wp-rest-api.txt](https://plugin-planet.com/wp/changelog/disable-wp-rest-api.txt)

## Additional information

 * Version: **2.6.8**
 * Last updated: **2 months ago**
 * Active installations: **30,000+**
 * WordPress version: **4.7 or higher**
 * Tested up to: **7.0**
 * PHP version: **5.6.20 or higher**
 * Languages: [Chinese (China)](https://cn.wordpress.org/plugins/disable-wp-rest-api/), [Chinese (Taiwan)](https://tw.wordpress.org/plugins/disable-wp-rest-api/),
   [Dutch](https://nl.wordpress.org/plugins/disable-wp-rest-api/), [English (US)](https://wordpress.org/plugins/disable-wp-rest-api/),
   [German](https://de.wordpress.org/plugins/disable-wp-rest-api/), [Italian](https://it.wordpress.org/plugins/disable-wp-rest-api/),
   [Russian](https://ru.wordpress.org/plugins/disable-wp-rest-api/), [Spanish (Chile)](https://cl.wordpress.org/plugins/disable-wp-rest-api/)
   and [Ukrainian](https://uk.wordpress.org/plugins/disable-wp-rest-api/).
 * [Translate into Simplified Chinese](https://translate.wordpress.org/projects/wp-plugins/disable-wp-rest-api)
 * Tags: [api](https://cn.wordpress.org/plugins/tags/api/), [disable](https://cn.wordpress.org/plugins/tags/disable/),
   [JSON](https://cn.wordpress.org/plugins/tags/json/), [rest](https://cn.wordpress.org/plugins/tags/rest/),
   [rest-api](https://cn.wordpress.org/plugins/tags/rest-api/)
 * [Advanced view](https://cn.wordpress.org/plugins/disable-wp-rest-api/advanced/)

## Ratings

 4.8 out of 5 stars.

 * [34 5-star reviews](https://wordpress.org/support/plugin/disable-wp-rest-api/reviews/?filter=5)
 * [0 4-star reviews](https://wordpress.org/support/plugin/disable-wp-rest-api/reviews/?filter=4)
 * [1 3-star review](https://wordpress.org/support/plugin/disable-wp-rest-api/reviews/?filter=3)
 * [0 2-star reviews](https://wordpress.org/support/plugin/disable-wp-rest-api/reviews/?filter=2)
 * [1 1-star review](https://wordpress.org/support/plugin/disable-wp-rest-api/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/disable-wp-rest-api/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/disable-wp-rest-api/reviews/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/disable-wp-rest-api/)

## Donate

Would you like to support the development of this plugin?

 [Donate to this plugin](https://monzillamedia.com/donate.html)