Prevents public exposure of WordPress usernames through REST API endpoints. Helps improve WordPress security by reducing user enumeration attacks.
add_filter( 'rest_endpoints', 'wpfolks_disable_rest_user_endpoints' );
function wpfolks_disable_rest_user_endpoints( $endpoints ) {
if ( isset( $endpoints['/wp/v2/users'] ) ) {
unset( $endpoints['/wp/v2/users'] );
}
if ( isset( $endpoints['/wp/v2/users/(?P<id>[d]+)'] ) ) {
unset( $endpoints['/wp/v2/users/(?P<id>[d]+)'] );
}
return $endpoints;
}
