通过 www.yourdomain.com/wp-json/ 查看所有 API 端口
禁用未登录用户获取 API
- add_filter( 'rest_api_init', 'rest_only_for_authorized_users', 99 );
- function rest_only_for_authorized_users($wp_rest_server){
- if ( !is_user_logged_in() ) {
- wp_die('Illegal operation!');
- }
- }
禁用部分 API 端点
如:禁用 users 相关
- add_filter( 'rest_endpoints', function( $endpoints ){
- if ( isset( $endpoints['/wp/v2/users'] ) ) {
- unset( $endpoints['/wp/v2/users'] );
- }
- if ( isset( $endpoints['/wp/v2/users/(?P<id>[\d]+)'] ) ) {
- unset( $endpoints['/wp/v2/users/(?P<id>[\d]+)'] );
- }
- return $endpoints;
- });
如:去除 oembed
- foreach ($endpoints as $key=>$value){
- if(preg_match("/^(\/wp\/v2|\/oembed\/1.0|\/ft\/v1)/",$key)){
- unset( $endpoints[$key] );
- }
- }
- if ( isset( $endpoints['/'] ) ) {
- unset( $endpoints['/'] );
- }
移除所有 API
- add_action(' plugins_loaded ',function(){
- remove_filter(' rest_api_init ',' create_initial_rest_routes ');
- });
登录用户不移除 oembed
- add_filter( 'rest_endpoints', function( $endpoints ){
- foreach ($endpoints as $key=>$value){
- if(preg_match("/^(\/wp\/v2|\/oembed\/1.0|\/ft\/v1)/",$key) && defined(AUTH_KEY)){
- unset( $endpoints[$key] );
- }
- }
- if ( isset( $endpoints['/'] ) ) {
- unset( $endpoints['/'] );
- }
- return $endpoints;
- });
注册添加新的 API 接口
- function da_rest_hello_callback() {
- return 'hello new api';
- }
- function da_rest_register_route() {
- register_rest_route( 'myapi/', 'hello', [
- 'methods' => 'GET',
- 'callback' => 'da_rest_hello_callback'
- ] );
- }
- add_action( 'rest_api_init', 'da_rest_register_route');
通过访问 wp-json/myapi/hello
,则会出现hello new api
。
完整参考:https://ninghao.net/blog/5492
精简端口中的字段,如:精简 posts 中的一些template
,ping_status
...
- function da_rest_prepare_post( $data, $post, $request ) {
- $_data = $data->data;
- $params = $request->get_params();
- unset( $_data['excerpt'] );
- unset( $_data['author'] );
- unset( $_data['featured_media'] );
- unset( $_data['format'] );
- unset( $_data['ping_status'] );
- unset( $_data['comment_status'] );
- unset( $_data['sticky'] );
- unset( $_data['template'] );
- $data->data = $_data;
- return $data;
- }
- add_filter( 'rest_prepare_post', 'da_rest_prepare_post', 10, 3 );
找回隐藏的 posts meta 所有字段
- register_rest_field( 'post', 'metadata', array(
- 'get_callback' => function ( $data ) {
- return get_post_meta( $data['id'], '', '' );
- },
- ));
找回隐藏的 posts meta 部分字段,如 thumb_image
- function da_rest_prepare_post( $data, $post, $request ) {
- $_data = $data->data;
- $params = $request->get_params();
- $thumb = get_post_meta( $post->ID, 'thumb' );
- if($thumb){
- $_data['thumb_image'] = $thumb;
- }
- $data->data = $_data;
- return $data;
- }
- add_filter( 'rest_prepare_post', 'da_rest_prepare_post', 10, 3 );
完全移除 REST API 并去除头部 wp-json 链接
- //屏蔽 REST API
- add_filter('json_enabled', '__return_false' );
- add_filter('json_jsonp_enabled', '__return_false' );
- add_filter('rest_enabled', '__return_false');
- add_filter('rest_jsonp_enabled', '__return_false');
- // 移除头部 wp-json 标签和 HTTP header 中的 link
- remove_action('wp_head', 'rest_output_link_wp_head', 10 );
- remove_action('template_redirect', 'rest_output_link_header', 11 );
完毕!