Disable JSON API Without Plugin to limit exposure and improve your WordPress security. Here’s how to do it with a quick tweak.
Step 1: Add the JSON API Disable Code
Add this to your child theme’s functions.php:
// Disable JSON REST API
add_filter(‘rest_enabled’, ‘__return_false’);
add_filter(‘rest_jsonp_enabled’, ‘__return_false’);
How It Works
These filters disable the REST API and JSONP support so your site no longer responds to wp-json requests from outside.
Why Disable JSON API Without Plugin?
Most small sites don’t use the REST API. Closing it helps prevent scraping bots and brute force attacks on endpoints.
Common Mistake
Some plugins and the block editor rely on the REST API. Always test your site’s key features after disabling it.
Pro Tip
Add this tweak in your child theme’s functions.php to make sure it stays active after theme updates.
Related Snippet
If you liked this, check out my guide on removing the RSS feed link without a plugin in WordPress.