Hello

It is not blocking access to APIs created by JetEngine QueryBuilder

It is disabled in your plugin, but the querybuilder seems to override this block.

https://i.postimg.cc/fLfgcDXx/image.png

This API call, listed via the QUERY MONITOR plugin, was blocked even though I left it enabled for Administrators, it was only allowed when I also allowed all calls for unauthenticated users.

it appears to be a call used to create the page, it is not called by the browser, is it being called before your plugin checks if it is authenticated?

I had to disable it because it was in production, so I don’t have any more details.

I like what this plugin does, except that there’s no way to stop it from removing the Link headers.

Would be nice if there was a setting to allow it.

Is there any hook to add a custom plugin to the list of allowed or function or method?

And of no method is available can you add that on future release?

Hi there,

Just wondering if this amazing plugin is actively maintained?

Cheers ??

[11-Feb-2023 07:35:10 UTC] PHP Warning:  Undefined array key "rest_route" in /{serverpath}/wp-content/plugins/disable-json-api/classes/disable-rest-api.php on line 75

Any suggestions to avoid this warning please? Thank you

Is the Disable REST API plugin been tested by anyone and known to be compatible running under PHP 8.1? If so, what version of Disable REST API plugin is compatible with PHP 8.1?

See https://www.php.net/supported-versions.php for the PHP version support calendar, which shows which versions of PHP are End of Life (Red), Security Fixes Only (Orange) and Active Support (Green).

Hello your plugin is wonderful!

How can we disable the printing of these links:

<link rel="alternate" type="application/json+oembed" href="https://...">

WP-JSON OEMBED

If accessing this alternative link it shows as access denied, why did your plugin forbid access to it, right? But if it’s no longer allowed why is it still in HTML? How is it possible to withdraw?

I just installed this plugin and it instantly created a critical error on my site. According to the automatic error email that is sent out, it appears that LearnDash relies on part of the REST API and I guess by it being turned off by default messed something up. I had to rename my LearnDash folder to get back into the site.

An error of type E_ERROR was caused in line 553 of the file /home/xxxx/public_html/wp-content/plugins/sfwd-lms/includes/rest-api/v2/class-ld-rest-essays-controller.php. Error message: Uncaught TypeError: Argument 2 passed to LD_REST_Essays_Controller_V2::rest_collection_params_filter() must be an instance of WP_Post_Type, null given, called in /home/xxxx/public_html/wp-includes/class-wp-hook.php on line 307 and defined in /home/xxxx/public_html/wp-content/plugins/sfwd-lms/includes/rest-api/v2/class-ld-rest-essays-controller.php:553
Stack trace:
#0 /home/xxxx/public_html/wp-includes/class-wp-hook.php(307): LD_REST_Essays_Controller_V2->rest_collection_params_filter()
#1 /home/xxxx/public_html/wp-includes/plugin.php(191): WP_Hook->apply_filters()
#2 /home/xxxx/public_html/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php(2891): apply_filters()
#3 /home/xxxx/public_html/wp-content/plugins/sfwd-lms/includes/rest-api/v2/class-ld-rest-posts-controller.php(190): WP_REST_Posts_Controller->get_collec

Please update your compatibility values. It says now 5.8.5 and NOT TESTED with current WordPress.
We use MainWP and that is default set to 1 year maintenance. If not done, these plugins are co?nciderend out.
And perhaps there are no changes because this plupin is very good programmed, one should at least once per year publish an update.
Alson ‘Better Plugin Compatibility Control’ plugin will see this plugin is up to date with the current WordPress version.

Hi
even with this plugin active folks can still exploit the show all users bug

?rest_route=/wp/v2/users/

Adding toggle to redirect that big privacy hole in WP, would be wonderful.

??

Thank you for this great plugin, is there any way we can change the error message or a webhook we can use to change

{“code”:”rest_cannot_access”,”message”:”DRA: Only authenticated users can access the REST API.”,”data”:{“status”:401}}

Would like to be able to show a different message than “Only authenticated users can access the REST API”

Thanks

When testing with jQuery Migrate Helper — Warnings encountered
This page generated the following warnings:

wp-content/plugins/disable-json-api/js/admin-footer.js: jQuery.fn.change() event shorthand is deprecated
Please make sure you are using the latest version of all of your plugins, and your theme. If that is the case, then you may want to ask the developers of the code mentioned in your warnings to update it.

Could you please update? Thank you

The contact form 7 with this disable rest api plugin works it sends and gives the successful message but it takes over 60 seconds to send the emails, when I disable the plugin it send the emails in less than 2 seconds, is there any setting where we can improve the performance, or this is just how it works, it really makes it way to slow to submit?

First of all, thank you for this great plugin. This functionality should be in WP core!

I’m using this plugin with Jetpack with no apparent ill effects, except for when I visit the Jetpack admin page I get the PHP warning below when I have WP_DEBUG on:

Notice: Trying to access array offset on value of type null in /var/www/disablemycable.com/htdocs/wp-content/plugins/disable-json-api/classes/disable-rest-api.php on line 75

The page still renders and everything seems to work properly. I verified this behavior on two different sites. There is no error if I have WP_DEBUG off.

Could this be fixed with a simple check to see if the variable exists before testing it?

Many thanks,
Brian

Please, I want an update for this plugin because it’s been almost a year since it last updated…

Just an observation to newbies of this plugin such as myself, the root visibility has nothing to do with authorized endpoints.

Meaning: if we only select “Rest API Root” for a user role, the user will be able to see all endpoints but cannot use any of them.

On the other hand, if we check everything but “Rest API Root”, the user will have access to everything but won’t be able to see the list of all endpoints in /wp-json/

• This topic was modified 2 years, 11 months ago by brasofilo.
• This topic was modified 2 years, 11 months ago by brasofilo.

Great plugin, it’s very nice to have all this granular control over WP API and I will dig into all the possibilities as soon I can.

As a suggestion, I think it would be nice to have at least some reference in the plugin FAQs about common whitelists in order to not restrict certain “famous” plugins. The most obvious case is Contact Form 7, but I see a lot of stuff from WooCommerce and Yoast to name a few, which I don’t really know if I have to leave disabled or not.

I’m sure I will find out myself, but a lot of time could be saved with this kind of information and surely most users will appreciate it.

In the latest version, the plugin shows the settings as sliders instead of the previous checkboxes, which in my opinion are more intuitive to understand. Since the point of the slider only changes position, it is not clear whether you have to move the slider to the left or right to activate it.
Here a color marking would be helpful e.g. the point of the slider for active in another color to deposit.
This can be implemented quite easily by assigning an additional CSS class to the element <span class="slider">.
For active elements it becomes then e.g. <span class="slider active">.
Then the following CSS snippet should do the trick:
.slider.active::before{background-color:green !important}
This would make the point of the slider appear in green for active routes, while it would remain white for deactivated routes, and the plugin would again be intuitive to use as before.
Alternatively, you could do without the sliders and use the previous checkboxes.

It took me a lot of unnecessary time to figure out that I don’t have to move the slider to the left as I would have assume but instead I have to move it to the right to activate the routes. Therefore, I would appreciate it very much if you could apply my suggestion asap so that the plugin will become intutive to use again.

With collegial greetings from Germany

b.o.o. Alexander Behling
Head web developer
mumbo jumbo media
Osnabrück, Germany

Hi and thanks for this great plugin.

My application authenticates using JWT with the following plugin:
https://nl.www.ads-software.com/plugins/jwt-authentication-for-wp-rest-api/

After receiving the token, all of the REST API url’s give a CORS error. Not sure why though because because authenticated users can use every end-point according to my settings.

I’ve added this in the wp-config.php

define( 'JWT_AUTH_SECRET_KEY',	'really-secret-jwt-key' );
define( 'JWT_AUTH_CORS_ENABLE', true);

My .htaccess

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Can you help me out?

Hi,

I was wondering if disabling the WP REST API for authenticated users blocks some functionality of certain plugins like Jetpack, Contact Form 7, etc.?

If it does, is there a way to allow those plugins to be able to use the REST API?

Best regards,

Tug

Plugin information ”Works as a “set it and forget it” install. ”

Its a great plugin but i would like to have a blacklist function as i am using the plugin only to disable the api for user enumeration in WordPress and would like to blacklist this api as for now when new APIs are added by plugins and WordPress I need to manually whitelist them or I am missing something? Thank you

Hi,

Firstly, great plugin, does exactly what I needed – so thank you for your efforts.

I have created some additional rest endpoints to support an integration to another system. This integration logs in as an administrator role, which is set to Allow Full REST API Access.

However, I get a DRA: Only authenticated users can access the REST API error when trying to use this endpoint.

If I set the administrator role to Manage REST Api Access, I can see that this endpoint I created is turned off. If I turn it on, it now works. If I then set the admin role to Allow full again, it still works. If I set it back to Manage and turn it off again, then set back to Allow Full, it no longer works.

Is there a logic issue in the order it looks to see if the access is allowed that is not allowing the Allow Full to override any endpoint level settings?

Thanks
Mark

Hello,

I was talking one of your colleagues about why my Site kit is not tracking any data yet (it was installed on the 18th of June) and we said:
By inspecting your site I can see REST API route is disabled. To communication with Google Services you need to disable Disable REST API plugin.

I need both plugins! Any idea on how can I solve this problem?

Thanks!

Hello

We have a store with a lot of plugins (woocommerce/membership/subscription/mailchimp etc..) and although we want to protect access to some parts like /wp-json/wp/v2/users/, we don’t want to break some essential features of our site.

Is there a way to check (without looking at the code for each plugin) if a plugin uses the rest api?

Thanks to you

When the plugin is actived, the WPML’s extension Management doesn’t work. I have an console error log in POST /index.php” 403

If woocommerce shipping and tax plugin is activated the site stops with 500 server error

Hi,

I’m finding problems with the plugin. When the plugin is activated, i can’t reach the website. If the plugin is deactivated i can reach my website and login to the wordpress cms. What can i do to activated it and that the website will work?

looking to hear from you.

HI

Plugin not blocking unusers to accesss after new verion that contains radiobutton ??
Please check it …

Hello:
I found out this plugin blocks the WordPress admin bar when using Oxygen builder.
Regards.