To Disable WordPress Rest API or Not To Disable?

I have my blog self hosted running WordPress and I Do NOT need the Wp-Rest API.

But as it turns out disabling it is causing to Contact Form 7 To not work. Contact form 7 simply shows the spinning circle infinitely.

As I read on wpbeginner (link here) that disabling will boost security.

So my question is if I leave it enabled, which I intend to do. What safety precautions should I take?

Thanks

2 s
2

You personally might not need or rely on the WP REST API, but clearly Contact Form 7 does. And so does WordPress core. Especially future versions (think Gutenberg) will heavily rely on the REST API and won‘t work without it.

There might be plugins that disable the API, but that‘s at your own risk and certainly doesn‘t make your site suddenly secure. It might decrease the possible attack surface, sure, but at the cost of breaking all parts that rely on the API.

tl;dr: There‘s no point in disabling the WordPress REST API.

Leave a Comment