Hi,
I followed tutorial but cf7 still not working and I keep getting 401 erros in dev console. Anyone encountered with this issue?
]]>Hi,
I need to whitelists few public custom APIs. Refered Enable Contact Form 7 to Work with Disable WP REST API | Perishable Press, but this helps for fixed URLs and not APIs with params (query string).
Is there any option to whitelist APIs with wildcard patter or query string?
Thanks,
Yash
Hey Jeff, the following keeps showing up my errorlogs
[08-Aug-2023 18:43:18 UTC] PHP Fatal error: Uncaught TypeError: call_user_func_array(): Argument #1 ($callback) must be a valid callback, function “disable_wp_rest_api_error_custom” not found or invalid function name in /home/customer/www/vintageheavymetal.com/public_html/wp-includes/class-wp-hook.php:308
Stack trace: 0 /home/customer/MYSITE/public_html/wp-includes/plugin.php(205): WP_Hook->apply_filters(‘REST API restri…’, Array) 1 /home/customer/MYSITE/public_html/wp-content/plugins/disable-wp-rest-api/disable-wp-rest-api.php(54): apply_filters(‘disable_wp_rest…’, ‘REST API restri…’) 2 /home/customer/MYSITE/public_html/wp-includes/class-wp-hook.php(308): disable_wp_rest_api(NULL) 3 /home/customer/MYSITE/public_html/wp-includes/plugin.php(205): WP_Hook->apply_filters(NULL, Array) 4 /home/customer/MYSITE/public_html/wp-includes/rest-api/class-wp-rest-server.php(189): apply_filters(‘rest_authentica…’, NULL) 5 /home/customer/MYSITE/public_html/wp-includes/rest-api/class-wp-rest-server.php(439): WP_REST_Server->check_authentication() 6 /home/customer/MYSITE/public_html/wp-includes/rest-api.php(410): WP_REST_Server->serve_request(‘/wp/v2/users’) 7 /home/customer/MYSITE/public_html/wp-includes/class-wp-hook.php(308): rest_api_loaded(Object(WP)) 8 /home/customer/MYSITE/public_html/wp-includes/class-wp-hook.php(332): WP_Hook->apply_filters(”, Array) 9 /home/customer/MYSITE/public_html/wp-includes/plugin.php(565): WP_Hook->do_action(Array) 10 /home/customer/MYSITE/public_html/wp-includes/class-wp.php(399): do_action_ref_array(‘parse_request’, Array) 11 /home/customer/MYSITE/public_html/wp-includes/class-wp.php(780): WP->parse_request(”) 12 /home/customer/MYSITE/public_html/wp-includes/functions.php(1334): WP->main(”) 13 /home/customer/MYSITE/public_html/wp-blog-header.php(16): wp() 14 /home/customer/MYSITE/public_html/index.php(17): require(‘/home/customer/…’) 15 {main}
thrown in /home/customer/MYSITE/public_html/wp-includes/class-wp-hook.php on line 308
]]>Hi there,
I have a site where I need to disable the RestAPI for non logged users, but still need to keep the notification endpoint open for all users. Is this possible with this plugin?
Cheers,
Dan
]]>We are using Disable WP REST API with WordPress 6.2.
https://www.example.com/wp-json/ returns a 401 as expected, but a query of the users with https://www.example.com/wp-json/wp/v2/users returns the user list.
]]>Line 99 in disable-wp-rest-api.php should be
if (isset($_SERVER['REQUEST_URI']) && $_SERVER['REQUEST_URI'] === $server_var) return true;
Is there a way to allow requests with valid Application Passwords access to the REST API while this plugin is enabled? i.e. block all access to the REST API unless there is a valid Application Password.
]]>By default this plugin disables REST API for users who are not logged in. So if your site is using any plugins (such as Contact Form 7) that require the REST API, they’re not going to work when Disable REST API is enabled.
As of Disable WP REST API version 2.5, it’s possible to enable Contact Form 7. Here is a complete guide. Basically add your contact-form REST URIs with a bit of custom code and done. Check the linked tutorial for all the details. Let me know if any questions. Cheers.
]]>Hi Jeff,
I installed your pluggin + CF7 addon from “https://perishablepress.com/disable-wp-rest-api/#contact-form-7” but I get an error in console: https://domain.com/wp-json/contact-form-7/v1/contact-forms/74/refill 401 (Unauthorized)
Any help? Thanks!
]]>Enabling this plugin, will it disable oEmbed? Which generally requires REST API to work.
]]>Hello,
I downloaded “allow REST access for CF7” from https://perishablepress.com/disable-wp-rest-api/#contact-form-7
but I can’t install it, the error “The package could not be installed. PCLZIP_ERR_BAD_FORMAT (-10) : Invalid End of Central Dir Record size : 17” after I uploaded to WordPress and pressed install.
Please advise.
Thanks
]]>Prevents MAC’s from submitting Comtact Form 7 Forms
]]>I installed this plugin on my WordPress multisite, and it seemed to have no effect at all. Hitting /wp-json produced the usual page full of API information. I tried “network activating” the plugin, and activating it per site. No effect either way.
Is the plugin supposed to work for multisite? Thanks.
]]>Hi, I’m trying to use the Jetpack Boost plugin (https://www.ads-software.com/plugins/jetpack-boost/) but get the following error.
“Your site’s REST API does not seem to be accessible. Jetpack Boost requires access to your REST API in order to receive site performance scores. Please make sure that your site’s REST API is active and accessible, and try again.”
How do I whitelist only the Jetpack Boost plugin so it can access my REST API? Any help would be most appreciated.
]]>Hi,
I understand that this plugin disables the REST API completely unless logged in. We are using Wordfence Central that relies on the REST API to start scans remotely and syncs configuration.
I saw there is a Contact Form 7 solution that works together with this plugin. Is there something similar that can be done for Wordfence Central?
Maybe allow certain endpoints by using the disable_wp_rest_api_post_var filter?
]]>Hello,
When I try to make a POST call to an endpoint “/wp-json/wp/v2/posts” with an application password, I get a rejected response with an 401 Unauthorized status.
Access to fetch at 'https://xxxxxxxxx.com/wp-json/wp/v2/posts' from origin 'https://xxxxxxxx.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
This doesn’t happen when I do it from Postman, apparently, as said here how postman and the browser send the OPTIONS request are different, and it seems that with this plugin is demanding authorization on the the pre-flight OPTIONS request, which should not be required.
Is there any way to fix this?
Thanks!
]]>Hello Jeff, kindly have a look at what I ran across in my errorlog. Thanks.
[31-Mar-2021 23:00:12 UTC] PHP Fatal error: Uncaught TypeError: call_user_func_array(): Argument #1 ($function) must be a valid callback, function “disable_wp_rest_api_error_custom” not found or invalid function name in /home/customer/www/*******/public_html/wp-includes/class-wp-hook.php:292
Stack trace:
#0 /home/customer/www/*******/public_html/wp-includes/plugin.php(212): WP_Hook->apply_filters(‘REST API restri…’, Array)
#1 /home/customer/www/*******/public_html/wp-content/plugins/disable-wp-rest-api/disable-wp-rest-api.php(54): apply_filters(‘disable_wp_rest…’, ‘REST API restri…’)
#2 /home/customer/www/*******/public_html/wp-includes/class-wp-hook.php(292): disable_wp_rest_api(NULL)
#3 /home/customer/www/*******/public_html/wp-includes/plugin.php(212): WP_Hook->apply_filters(NULL, Array)
#4 /home/customer/www/*******/public_html/wp-includes/rest-api/class-wp-rest-server.php(188): apply_filters(‘rest_authentica…’, NULL)
#5 /home/customer/www/*******/public_html/wp-includes/rest-api/class-wp-rest-server.php(409): WP_REST_Server->check_authentication()
#6 /home/customer/www/*******/public_html/wp-includes/rest-api.php(354): WP_REST_Server->serve_request(‘/wp/v2/types/po…’)
#7 /home/customer/www/*******/public_html/wp-includes/class-wp-hook.php(292): rest_api_loaded(Object(WP))
#8 /home/customer/www/*******/public_html/wp-includes/class-wp-hook.php(316): WP_Hook->apply_filters(”, Array)
#9 /home/customer/www/*******/public_html/wp-includes/plugin.php(551): WP_Hook->do_action(Array)
#10 /home/customer/www/*******/public_html/wp-includes/class-wp.php(388): do_action_ref_array(‘parse_request’, Array)
#11 /home/customer/www/*******/public_html/wp-includes/class-wp.php(750): WP->parse_request(”)
#12 /home/customer/www/*******/public_html/wp-includes/functions.php(1291): WP->main(”)
#13 /home/customer/*******/public_html/wp-blog-header.php(16): wp()
#14 /home/customer/*******/public_html/index.php(17): require(‘/home/customer/…’)
#15 {main}
thrown in /home/customer/www/*******/public_html/wp-includes/class-wp-hook.php on line 292
Hello,
Can you think of a reason why this plugin works with a site on link.com and not https://www.link.com ? I have 3 different WPs that experience the same behaviour. Can anyone help ?
Thanks,
Gromek
Text shown in FAQ has two same linktexts ‘Disable REST API’:
Yep, actually there are two other “Disable REST” plugins:
Disable REST API
Disable REST API
But first one links to ‘Disable JSON API’
https://www.ads-software.com/plugins/disable-json-api/
Hi Jeff,
Happy holidays ??
You know that thing when “a new problem” occurs and googling directs to your own post / writing lol?
related topics:
https://www.ads-software.com/support/topic/contact-form-7-non-sending-emails/
https://www.ads-software.com/support/topic/contact-form-7-dont-work-with-disabled-rest-api/
Yeah, I noticed in error logs that CF7 failed, and given the errors, this plugin was the main suspect. It was 1.5 years ago when I fixed this with a patch, and you should just ask me what it was back then (haven’t noticed further topics and conversations), because it was a very simple patch.
I didn’t originally post a solution here, because it was a very simple one, and I thought it would be added as an option in the plugin’s settings, because not everyone needs / wants it (e.g. CF7 is not used by everyone).
Problem: CF7 not sending emails
jquery.min.js:2 POST https://.../wp-json/contact-form-7/v1/contact-forms/.../feedback 401 (Unauthorized)
jquery.min.js:2 XHR failed loading: POST "https://.../wp-json/contact-form-7/v1/contact-forms/.../feedback".
rest api response
{"code":"rest_login_required","message":"REST API restricted to authenticated users.","data":{"status":401}}
Solution is simple like this:
in function disable_wp_rest_api() change the line from:
if (!is_user_logged_in()) {
to this:
if ( !is_user_logged_in() && empty($_POST['_wpcf7']) ) {
It does not check any security tokens.
Hopefully, you’ll add this in the future, because with each update it stops working, and that could be very bad for many users, unless they apply this patch.
Thanks!
Regards
Hi.
Is WPMU supported (Multisite), or is only stand-alone installations of WordPress supported?
Thanks in advance for your answer.
Kind regards
]]>Hey i am using wp-json/wp/v2/posts to list my post but i want some extra field there too so i want to know from where this result is coming i mean from which file so that i can add the extra arguments there and get them through this API Please help
]]>After active Disable Rest API, Contact form 7 doesn’t work. What can i do?
]]>Alright this plugin works fine to disable rest api, But how can I customize it to redirect to 404.
]]>Hi,
I am using Contact form 7. When your plugin is in active state, it is not allowing me to send emails from smaller devices. But when i deactivate your plugin emails are going.
I have implemented this plugin. It works great for non logged in user but for logged in user used via Postman, it shows the following. Could you please help solve this. I have latest wordpress install till date.
Login Warning
There was an issue with your log in. Your user account has logged in recently from a different location.
Hi,
I get a console error when I click SEND button using ContactForm7:
“Failed to load resource: the server responded with a status of 401 (Unauthorized)”
How can I apply the patch added by @darko-a7 on this topic?
https://www.ads-software.com/support/topic/contact-form-7-dont-work-with-disabled-rest-api/
Thank you!
]]>Will this plugin make an issue my website viewr’s contact form 7 form submission?
]]>Hello,
is the plugin supposed to allow API access from an external source that do authenticate using Woocommerce API Key? I can’t make it to work.
I wonder if the functionality could be easily added to your plugin or if there is a reason for it to not be present.
]]>I deactivated this plugin after I discovered this will also block PWA for work.
]]>