WP Adminify
How to Disable Rest API and x-powered by notice from http headers?
Disabling the Rest API and removing x-powered by notice from http headers add extra security on your Website.
Step 1: Enable the features
To enabel this option, navigate to Security > Rest API. Just toggle the switch and you will get two option.
Step 2: Disable Rest API
If you have done the step 1, then you will get “Disable Rest API‘ checkbox. Just check this and save your settings.
Step 3: Remove X-Powered-By notice from HTTP Header
Remove the PHP version from your http headers info by using this option. Just check and box and save the settings.
You can verify this from your network options on the frontend.
Disable REST API for Non Authenticated Users
So, if you are not using the WP Adminify plugin, then there is a solution for you. But I recommand you to get suggestion from an expert before applying this on your production website.
Just copy and paste the following code and yoour WordPress sites REST API will be disabled for non logged in users.
add_filter('rest_authentication_errors', function ($result) {
if (!is_user_logged_in()) {
return new WP_Error('rest_disabled', 'REST API restricted to authenticated users.', ['status' => 403]);
}
return $result;
});You can put this code inside your active themes functions.php file.
If you face problem then undo the code and use the WP Adminify plugin to disable REST API feature on your WordPress site.
Didn’t find what you were looking for? Get in touch!
Updated on September 27, 2024
Was this helpful to you?