Reputation: 3
How can I disable the “Linking and Embedding” feature of Wordpress REST API?
In Notion, when I paste a wordpress page or post link into a note, the “mention” feature appears. When you use this feature, it adds the author username of the page or post into the note. I want to turn this off. In fact, my only goal is to prevent wp usernames from leaking out.
I tried the code below, this code sends the endpoint “/wp-json/wp/v2/users/1” to 404, but Notion can still somehow find the username.
<?php
function disable_users_endpoint( $endpoints ) {
if ( isset( $endpoints['/wp/v2/users'] ) ) {
unset( $endpoints['/wp/v2/users'] );
}
if ( isset( $endpoints['/wp/v2/users/(?P<id>[\d]+)'] ) ) {
unset( $endpoints['/wp/v2/users/(?P<id>[\d]+)'] );
}
return $endpoints;
}
add_filter( 'rest_endpoints', 'disable_users_endpoint' );
?>
Upvotes: 0
Views: 37
Answers (2)
Reputation: 1
Hello fellow WordPress user,
the functionality you are experiencing is likely generated by you SEO plugin, which creates a json element in every page of your website in order to display Post or Page meta data. Inside those meta data, the author name is included.
You can verify that by inspecting the website with Inspect Element of any browser, and then search for the keyword "author". If you discover the author is displayed in the json object, then this is your issue.
The way to come around that is to use filters to remove the Author completely from your plugin generated SEO data. E.g. if it's Rank Math or Yoast, search for a filter to remove authors from pages in their respective documentation.
For example in Rank Math you can use the below as indicated in their documentation:
You can add the following code snippet to your theme's rank-math. php file:
add_filter( 'rank_math/json_ld', function( $data, $jsonld ) {
if ( isset( $data['BlogPosting'] ) ) {
unset( $data['BlogPosting']['author']); // Remove author information
}
return $data;
}, 99, 2);
Source: https://support.rankmath.com/ticket/remove-authors-name-from-page-code/
Upvotes: -1
Reputation: 111
There are following things you can do :
1- Redirect Author Archives to Home page :
function disable_author_archives() {
if (is_author()) {
wp_redirect(home_url(), 301);
exit;
}
}
add_action('template_redirect', 'disable_author_archives');
2- WordPress may expose usernames in meta generator tags. To resolve this :
remove_action('wp_head', 'wp_generator');
remove_action('wp_head', 'rest_output_link_wp_head');
remove_action('wp_head', 'wp_oembed_add_discovery_links');
3- Your code blocks wp-json/wp/v2/users/1, but usernames can still be exposed via other endpoints, such as:
/wp-json/wp/v2/posts/ (which may return author details).
To fix this completely hide user data from REST API:
function remove_user_endpoints( $data, $post, $request ) {
if (!is_admin()) {
unset($data->data['author']);
}
return $data;
}
add_filter('rest_prepare_post', 'remove_user_endpoints', 10, 3);
function disable_rest_user_query( $response, $user, $request ) {
return is_admin() ? $response : new WP_Error('rest_forbidden', __('Not allowed'), array('status' => 403));
}
add_filter('rest_prepare_user', 'disable_rest_user_query', 10, 3);
Upvotes: 0
Related Questions
- How do I get a YouTube video thumbnail from the YouTube API?
- How do I get the current date and time in PHP?
- How can I capture the result of var_dump to a string?
- Wordpress REST API (wp-api) 404 Error: Cannot access the WordPress REST API
- Custom endpoint in REST API - Wordpress
- How can I add a PHP page to WordPress?
- Query Multiple Post Types Using WP REST API V2 (WordPress)
- How do I set up WordPress at the root but still use /username URLs?