PHP 49
Remove users from WP-JSON - Rest / Route users By micha on 1st March 2024 08:20:43 PM
  1. By default it is possible to call the route `{domain}/wp-json/wp/v2/users` and also `{domain}/wp-json/wp/v2/users/1`
  2. This is a security issue because of shown login usernames.
  3.  
  4. // Disable /users rest routes
  5. add_filter('rest_endpoints', function( $endpoints ) {
  6.     if ( isset( $endpoints['/wp/v2/users'] ) ) {
  7.         unset( $endpoints['/wp/v2/users'] );
  8.     }
  9.     if ( isset( $endpoints['/wp/v2/users/(?P<id>[\d]+)'] ) ) {
  10.         unset( $endpoints['/wp/v2/users/(?P<id>[\d]+)'] );
  11.     }
  12.     return $endpoints;
  13. });

Paste is for source code and general debugging text.

Login or Register to edit, delete and keep track of your pastes and more.

Recent Pastes

Elementor Sticky[...]

JS baseURL

ASCI Banner

Jump to anchor / go[...]

Phpstorm[...]

Wp user[...]

WP CPT Custom Icon[...]

WP get assigned[...]

Linux / Ubuntu[...]

SQL replace[...]

Raw Paste

Login or Register to edit or fork this paste. It's free.

Copyright © 2025 Paste. All rights reserved.
Powered by Paste