What is the impact on Core to disable REST API?

  • Resolved firebird75

    (@firebird75)


    5 years, 4 months ago

    Hello,

    I have discovered that the REST API was exposing a good number of datas publicly. I’d like to understand what is the impact on WP Core if I disable it completely? What are the features relying on the REST API right now? Reading the docs, it looks like it is mostly to do kind of automated tasks remotely like updating posts or things like that. But will it prevent WP automatic update for instance?

    Thank you!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator bcworkz

    (@bcworkz)

    The block editor for one relies upon the API. Going forward, more and more of WP will be using the API. Disabling it is strongly discouraged. If it’s exposing sensitive data, you maybe should rethink how that data is managed. It’s also possible to unset specific types of data before output through the various “rest_prepare_{$object_type}” filters.

    Thread Starter firebird75

    (@firebird75)

    Thank you for your answer. This core use of the API is for logged in users only, isn’t it? So if I disable it for non logged in users, it is safe and won’t hurt the site, isn’t it?

    Thanks again!

    Moderator bcworkz

    (@bcworkz)

    I believe some themes use it on the front end, but if yours does not it should be safe to alter the API to require being logged in for any API request. Unless you wrote your own theme, API use might be difficult to discern. Disabling the API and testing thoroughly is as good a way to find out as any.

    Thread Starter firebird75

    (@firebird75)

    Thanks a lot for taking the time to reply ??

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘What is the impact on Core to disable REST API?’ is closed to new replies.