What is the WordPress REST API?
The WordPress REST API is a programming interface that enables developers to access WordPress content from external sources. By using JavaScript, it can be leveraged to create dynamic websites and applications.
REST stands for Representational State Transfer, while API refers to Application Programming Interface. Essentially, the WordPress REST API is a collection of code that facilitates communication between WordPress and other systems in a way that guarantees compatibility.
This means that external platforms such as a mobile app or a third-party website can interact with your WordPress database, retrieve information, and even add data to it.
Remove REST API links From Header without Plugin
Most sites don’t use the WordPress REST API. If your site is one of those, you can safely remove the link with this feature.
// Disable REST API
add_filter('rest_enabled', '__return_false');
add_filter('rest_jsonp_enabled', '__return_false');
// Remove REST API links from HTTP headers
remove_action('template_redirect', 'rest_output_link_header', 11, 0);
// Remove REST API links from WP head
remove_action('wp_head', 'rest_output_link_wp_head', 10);
// Remove oEmbed discovery links
remove_action('wp_head', 'wp_oembed_add_discovery_links', 10);
OR
// Remove Head API
remove_action('wp_head', 'rest_output_link_wp_head');
remove_action('wp_head', 'wp_oembed_add_discovery_links');
Many security plugins like Wordfence, iThemes Security, and Sucuri have an option to disable the REST API. Enabling this option will remove all REST API related links and scripts from your WordPress site.
Note that disabling the REST API may impact some features of your WordPress site and some plugins may not work properly. Therefore, it’s recommended to test your site thoroughly after disabling the REST API.