Disable WP REST API
Does one thing: Completely disables the WordPress REST API for visitors who are not logged into WordPress. No configuration required. Important: This plugin completely disables the WP REST API for visitors who are NOT logged in to WordPress. So not recommended if your site needs the WP REST API for any non-logged users. 👉 The fast, simple way to prevent abuse of your site’s REST/JSON API 👉 Protects your site’s REST data from all non-logged users and bots 👉 Uses only 4KB of code, so super lightweight, fast, and effective 🛠️ Pro version available! Check out REST Pro Tools » Features Disable REST/JSON for visitors (not logged in) Disables REST header in HTTP response for all users Disables REST links in HTML head for all users 100% plug-and-play, set-it-and-forget solution How does it work? This plugin completely disables the WP REST API unless the user is logged into WordPress. For logged-in (authenticated) users, WP REST API works normally For logged-out (unauthenticated) users, WP REST API is disabled What happens if logged-out visitor makes a JSON/REST request? They will get only a simple message: rest_login_required: REST API restricted to authenticated users. This message may customized via the filter hook, disable_wp_rest_api_error. Check out this post for an example of how to do it. Pro Version 🛠️ Check out the Pro version, REST Pro Tools, loaded with many awesome features: One-click disable all routes One-click disable all /users routes Disable any specific user routes based on role Whitelist any user IDs Whitelist any IP addresses Customize the REST error message Customize the REST response code Always require or force SSL/TLS Disable all JSONP shenanigans One-click disable any REST API headers Add any post meta (custom field) to REST API Add any user meta (custom field) to REST API Add routes for site profile and author profile Add routes for featured images and post categories Add routes for post taxonomies and terms At-a-glance check status of REST API The free version does only one thing: disables REST API for unauthenticated users. The PRO version can do that and much more! Take full control of the REST API with REST Pro Tools » Privacy This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way. If anything it improves user privacy, as it protects potentially sensitive information from being displayed/accessed via REST API. Disable WP REST API is developed and maintained by Jeff Starr, 15-year WordPress developer and book author. Support development of this plugin I develop and maintain this free plugin with love for the WordPress community. To show support, you can make a donation or purchase one of my books: The Tao of WordPress Digging into WordPress .htaccess made easy WordPress Themes In Depth Wizard’s SQL Recipes for WordPress And/or purchase one of my premium WordPress plugins: BBQ Pro – Blazing fast WordPress firewall Blackhole Pro – Automatically block bad bots Banhammer Pro – Monitor traffic and ban the bad guys GA Google Analytics Pro – Connect WordPress to Google Analytics Head Meta Pro – Ultimate Meta Tags for WordPress REST Pro Tools – Awesome tools for managing the WP REST API Simple Ajax Chat Pro – Unlimited chat rooms USP Pro – Unlimited front-end forms Links, tweets and likes also appreciated. Thank you! 🙂
Top keywords
- rest30×5.28%
- api18×3.17%
- rest api17×2.99%
- pro15×2.64%
- wordpress14×2.46%
- users9×1.58%
- disable8×1.41%
- wp8×1.41%
- wp rest8×1.41%
- wp rest api8×1.41%
- user7×1.23%
- disables6×1.06%
Mescio for Agents
Mescio for Agents makes your WordPress site AI-ready by silently serving posts, pages and WooCommerce products as clean, structured Markdown to any AI agent or LLM pipeline that requests it — using the standard HTTP Accept: text/markdown content negotiation header. Human visitors using a browser are completely unaffected. Mescio for Agents only activates when an AI agent or crawler explicitly asks for Markdown. Why Markdown? Feeding raw HTML to an AI is expensive and noisy. A heading like ## About Us costs ~3 tokens in Markdown vs 12–15 tokens as HTML — before accounting for wrappers, navigation bars and script tags that carry zero semantic value. This blog post you are reading takes 16,180 tokens in HTML and 3,150 tokens in Markdown. That is an 80% reduction. Markdown has become the lingua franca for AI systems. Mescio for Agents lets your site speak it natively, at zero cost to your human visitors. How it works When an HTTP client sends a request with Accept: text/markdown, Mescio for Agents intercepts the WordPress request lifecycle before any template is rendered, converts the post content to clean Markdown, and returns it with the correct Content-Type: text/markdown header. curl https://yoursite.com/your-post/ \ -H "Accept: text/markdown" Features Zero configuration — works out of the box on any singular post, page or custom post type /llms.txt endpoint — auto-generated index of all your content in the llmstxt.org standard format, so AI agents can discover what’s on your site /llms-full.txt endpoint — full site content in a single Markdown file, ready for RAG pipelines WooCommerce support — product pages include price, SKU, stock status, rating, attributes and gallery; products are grouped by category in llms.txt YAML front matter — every document includes structured metadata (title, description, URL, date, categories, tags, featured image) Multilingual — detects language via WPML, Polylang, TranslatePress or WordPress locale; emits Content-Language and Link: rel=alternate headers REST API endpoint — /wp-json/mescio-for-agents/v1/markdown?id= or ?url= Page builder cleanup — aggressively strips Elementor, Divi, WPBakery and Beaver Builder layout noise Token count header — X-Markdown-Tokens tells AI pipelines how large the document is before processing Content Signals — emits Content-Signal: ai-train=yes, search=yes, ai-input=yes Correct HTTP caching — Vary: Accept ensures CDNs cache HTML and Markdown versions separately Response headers Content-Type: text/markdown; charset=utf-8 Content-Language: it (or detected language) Vary: Accept X-Markdown-Tokens: 725 Content-Signal: ai-train=yes, search=yes, ai-input=yes Link: ; rel="alternate"; hreflang="en" (when translations available) Multilingual plugin support WPML — reads language and available translations automatically Polylang — reads language and links to translated post IDs TranslatePress — reads trp_language post meta Manual — configure primary language and additional languages in Settings → Mescio for Agents REST API GET /wp-json/mescio-for-agents/v1/markdown?id=42 GET /wp-json/mescio-for-agents/v1/markdown?url=https://yoursite.com/my-page/ Developer hooks Filter: mescio_enabled_post_types — add or remove post types dynamically. Filter: mescio_pre_convert_content — modify the HTML before conversion to Markdown. Filter: mescio_post_convert_content — modify the Markdown after conversion. Privacy This plugin does not collect, store or transmit any personal data. It does not set cookies. It does not make external HTTP requests.