Restrict Rest API access

creativ3y3
(@creativ3y3)

7 years, 11 months ago

I am planning to use wordpress API and need to allow access to a number of custom posts etc, it possible to restrict access to WordPress API JSON output unless the request is from a certain web address?

Any advice appreciated

Viewing 4 replies - 1 through 4 (of 4 total)

a2hostingrj
(@a2hostingrj)

7 years, 11 months ago
Yes, using the rest_authentication_errors filter:
```
add_filter( 'rest_authentication_errors', 'filter_incoming_connections' );

function filter_incoming_connections( $errors ){

    $allowedAddress = array( '127.0.0.1' );
    $requestServer = $_SERVER['REMOTE_ADDR'];

    if( ! in_array( $requestServer, $allowedAddress ) )
        return new WP_Error( 'forbidden_access', 'Access denied', array( 'status' => 403 ) );

    return $errors; 

}
```
- This reply was modified 7 years, 11 months ago by bcworkz. Reason: code fixed
Moderator bcworkz
(@bcworkz)

7 years, 11 months ago

@a2hostingr – great answer!

An aside, next time you post code in these forums, please use the code button (or type a backtick) instead of block quote. Code within block quotes cannot be copy/pasted without imparting syntax errors. Not so with code formatted as such. Fixed it for ya this time 🙂

creativ3y3 – if you copied the above code and got syntax errors, try again with the new format.

Dion
(@diondesigns)

7 years, 11 months ago

More and more plugin authors are being lazy and using the REST API to handle requests that are much more efficiently handled with built-in code. Those requests will either come from your server’s IP address, or from a user’s IP address if it was sent via AJAX.

If you are using such a plugin, the code you want to add will probably break the plugin.

Thread Starter creativ3y3
(@creativ3y3)

7 years, 11 months ago

Great info guys thanks I will give it a shot