The /?rest_route URL is the non-prettified model of /wp-json, which is the URI the WordPress REST API makes use of.
The REST API shouldn’t be disabled for the reason that Admin UI depends upon it. Having mentioned that, you may require the REST API solely service authenticated customers. To require authentication, add the next rest_authentication_errors filter:
add_filter( 'rest_authentication_errors', operate( $consequence ) {
// If a earlier authentication examine was utilized,
// move that consequence alongside with out modification.
if ( true === $consequence || is_wp_error( $consequence ) ) {
return $consequence;
}
// No authentication has been carried out but.
// Return an error if person just isn't logged in.
if ( ! is_user_logged_in() ) {
return new WP_Error(
'rest_not_logged_in',
__( 'You aren't presently logged in.' ),
array( 'standing' => 401 )
);
}
// Our customized authentication examine should not have any impact
// on logged-in requests
return $consequence;
});
I added it to my /wp-includes/rest-api.php file as a part of the rest_api_default_filters() operate definition. Clearly, this can be overwritten as quickly as a brand new model of WordPress is launch, so that is solely a brief measure. After I go to my web site by way of the REST API url above, with out being authenticated, I see the next:
