Prevents AI bots and spam requests from abusing REST endpoints.
add_action( 'rest_api_init', 'rds_api_rate_limit' );
function rds_api_rate_limit() {
$ip = $_SERVER['REMOTE_ADDR'];
$key = 'rds_api_limit_' . md5( $ip );
$requests = (int) get_transient( $key );
if ( $requests > 100 ) {
wp_die(
'Too many requests.',
'Rate Limit',
array( 'response' => 429 )
);
}
set_transient( $key, $requests + 1, HOUR_IN_SECONDS );
}