The WordPress REST API is public by default. If you do not need public access, restrict it to logged-in users by adding the following filter to your functions.php file:
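add_filter( 'rest_authentication_errors', function( $result ) {
    // Reject every REST request that does not come from a logged-in user.
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_not_logged_in', 'You must be logged in.', array( 'status' => 401 ) );
    }
    // Logged-in user: pass the existing authentication result through unchanged.
    return $result;
} );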
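To confirm the filter is active, request the API without credentials and check for the 401 response carrying the `rest_not_logged_in` code. The script below is an added example, not part of the original snippet; it assumes the site uses the default `/wp-json/` prefix, and the probed routes and function names are choices made here.

```python
import json
import sys
import urllib.error
import urllib.request

# Core REST routes requested with no cookies or auth headers (chosen for this example).
PROBE_ROUTES = ("/wp-json/", "/wp-json/wp/v2/posts")


def classify(status, body):
    """Return 'locked', 'public' or 'unknown' for one unauthenticated response."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return "unknown"  # HTML error page, proxy block, empty body
    # The filter answers with HTTP 401 and the error code it registered.
    if status == 401 and isinstance(doc, dict) and doc.get("code") == "rest_not_logged_in":
        return "locked"
    if status == 200:
        return "public"  # the API still answers anonymous requests
    return "unknown"


def fetch(base_url, route, timeout=10):
    """GET one route anonymously and return (status, body)."""
    req = urllib.request.Request(base_url.rstrip("/") + route,
                                 headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry a body
        return err.code, err.read().decode("utf-8", "replace")


def audit(base_url, fetcher=fetch):
    """Map each probed route to its classification."""
    return {route: classify(*fetcher(base_url, route)) for route in PROBE_ROUTES}


if __name__ == "__main__":
    results = audit(sys.argv[1])
    for route, verdict in results.items():
        print(f"{verdict:8} {route}")
    # Non-zero exit if any route is not locked, so the check can run in CI or cron.
    sys.exit(0 if all(v == "locked" for v in results.values()) else 1)
```

Run it against your own site's base URL after deploying the filter; any route reported as `public` or `unknown` needs a closer look.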