What is the WordPress REST API?
REST stands for Representational State Transfer, while API refers to Application Programming Interface. Essentially, the WordPress REST API is a collection of code that facilitates communication between WordPress and other systems in a way that guarantees compatibility.
This means that external platforms such as a mobile app or a third-party website can interact with your WordPress database, retrieve information, and even add data to it.
Remove REST API links From Header without Plugin
Most sites don’t use the WordPress REST API. If your site is one of those, you can safely remove the link with this feature.
// Disable REST API add_filter('rest_enabled', '__return_false'); add_filter('rest_jsonp_enabled', '__return_false'); // Remove REST API links from HTTP headers remove_action('template_redirect', 'rest_output_link_header', 11, 0); // Remove REST API links from WP head remove_action('wp_head', 'rest_output_link_wp_head', 10); // Remove oEmbed discovery links remove_action('wp_head', 'wp_oembed_add_discovery_links', 10);
// Remove Head API remove_action('wp_head', 'rest_output_link_wp_head'); remove_action('wp_head', 'wp_oembed_add_discovery_links');
Many security plugins like Wordfence, iThemes Security, and Sucuri have an option to disable the REST API. Enabling this option will remove all REST API related links and scripts from your WordPress site.
Note that disabling the REST API may impact some features of your WordPress site and some plugins may not work properly. Therefore, it’s recommended to test your site thoroughly after disabling the REST API.