To stop users from posting to your default WordPress feedback form via the WordPress API, you need to disable or restrict access to the relevant REST API endpoints. You can achieve this by using custom code, either in your theme’s functions.php file or by developing a custom plugin.
Here are some steps to help you do this:
Using functions.php:
-
Open your WordPress theme’s
functions.phpfile:- You can find this file in your theme’s folder, typically under
wp-content/themes/your-theme/functions.php.
- You can find this file in your theme’s folder, typically under
-
Add a custom function to disable the endpoint:
- You can use the
rest_authentication_errorsfilter to deny access to specific API endpoints.
function disable_rest_endpoints_for_feedback($result) { if (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp/v2/feedback') !== false) { return new WP_Error('rest_disabled', __('The REST API is disabled for feedback form submissions.', 'your-text-domain'), array('status' => 403)); } return $result; } add_filter('rest_authentication_errors', 'disable_rest_endpoints_for_feedback'); - You can use the
-
Save the changes:
- Ensure that your changes are saved and then clear your site’s cache (if applicable).
Developing a Custom Plugin:
-
Create a new plugin file:
- Create a new directory in your
wp-content/pluginsfolder, e.g.,disable-feedback-api. - Inside that directory, create a PHP file, e.g.,
disable-feedback-api.php.
- Create a new directory in your
-
Edit the new plugin file and add the following code:
<?php /* Plugin Name: Disable Feedback API Description: Disables the REST API endpoint for feedback form submissions Version: 1.0 Author: Your Name */ function disable_rest_endpoints_for_feedback($result) { if (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp/v2/feedback') !== false) { return new WP_Error('rest_disabled', __('The REST API is disabled for feedback form submissions.', 'your-text-domain'), array('status' => 403)); } return $result; } add_filter('rest_authentication_errors', 'disable_rest_endpoints_for_feedback'); -
Activate the plugin:
- Go to the WordPress admin dashboard.
- Navigate to
Plugins > Installed Pluginsand find the "Disable Feedback API" plugin. - Click "Activate" to enable the plugin.
By following either of these methods, you’ll effectively block users from posting to your feedback form via the WordPress REST API, ensuring better control and security over form submissions.