What is the REST API?
REST is short for Representational State Transfer. It is a standard client-server protocol that makes your website available as a web service. This means, that other applications or websites can retrieve information available on your website without a browser to access the website.
To retrieve information from a target website you just need to send a specific HTTP GET request. This request is understood by REST and executed.
The REST architecture uses multiple formats such as plain text, HTML, JSON, XML, YAML, etc to deliver requested data.
Let’s discuss the security risk and how you can disable WP API JSON.
Security Risks Posed by WP API JSON
Website User Data Disclosure
On sending an HTTP GET request
example.com/wp-json/wp/v2/users, we get the list of all the users on the website. Notice that the REST renders the ID number, name, URL, description, link, slug, avatar_urls, meta, and more.
Check If your website has User Data Disclosure If Yes got to next Step.
How to Disable WP API JSON?
Add This Code on PHP Snippets plugin Or on Function.php ( Your Theme )
remove_action(‘rest_api_init’, ‘create_initial_rest_routes’, 99);