这个插件做了一件事:为没有登录WordPress的访问者禁用WP REST API。 无需配置。
此插件仅使用22行短代码(小于2KB)。 所以它是超轻量级、快速且高效。
特色
- 禁用访问者的REST / JSON(未登录)
- 在HTTP响应中为所有用户禁用REST头
- 已禁用所有用户的HTML头中的RESET链接
- 100%即插即用,一劳永逸的解决方案
防止滥用您网站的REST / JSON API的快速及简单的方法
它是如何工作的? 这取决于您使用的WordPress版本..
WordPress v4.7及更高版本
对于WordPress 4.7及更高版本,此插件完全禁用WP REST API ,除非用户登录到WordPress。
- 对于登录用户,WP REST API正常工作
- 对于已注销的用户,将禁用WP REST API
如果注销的访问者发出JSON / REST请求会发生什么? 他们只会收到一条简单的信息:
“rest_login_required:REST API仅限于经过身份验证的用户。”
This message may customized via the filter hook, disable_wp_rest_api_error. Check out this post for an example of how to do it.
较早版本的WordPress
对于低于4.7的WordPress版本,此插件只是为所有用户禁用所有REST API功能。
有关详细信息,请参阅常见问题解答部分。
隐私
This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way. If anything it improves user privacy, as it protects potentially sensitive information from being displayed/accessed via REST API.
Disable WP REST API is developed and maintained by Jeff Starr, 15-year WordPress developer and book author.
支持此插件的开发
I develop and maintain this free plugin with love for the WordPress community. To show support, you can make a donation or purchase one of my books:
- The Tao of WordPress
- Digging into WordPress
- .htaccess made easy
- WordPress Themes In Depth
- Wizard’s SQL Recipes for WordPress
And/or purchase one of my premium WordPress plugins:
- BBQ Pro – Super fast WordPress firewall
- Blackhole Pro – Automatically block bad bots
- Banhammer Pro – Monitor traffic and ban the bad guys
- GA Google Analytics Pro – Connect WordPress to Google Analytics
- Simple Ajax Chat Pro – Unlimited chat rooms
- USP Pro – Unlimited front-end forms
Links, tweets and likes also appreciated. Thank you! 🙂