WordPress REST API

Redirection uses the WordPress REST API to communicate with WordPress.

Sometimes a site has problems using the REST API, and this can be caused by:

  • The REST API has been disabled
  • Requests to the REST API are being redirected
  • Security software is blocking requests
  • Using different URLs for your site and WordPress URL settings in Settings > General

These are all solvable.

You can test your API by accessing /wp-json/ on your site. You may see:

  • A lot of data. Your API is working
  • An error page. Your API has been disabled or blocked
  • A redirect to another page

Disabled REST API

This is a simple one and just involves not disabling the REST API! If you used a plugin to disable the API then you will need to configure that plugin to allow Redirection to use the API.

Redirected Requests

This is likely also caused by a plugin, or maybe an aggressive redirect. You will need to configure your plugin to not redirect requests to the API.

Security Software

The WordPress API uses standard communication techniques, but sometimes security software can aggressively block it and return errors. You will need to configure your security software to not block API requests.

Your REST API may appear to work when you view /wp-json/ in a browser, but fail to work in Redirection. You may see a message that includes:

  • rest_forbidden
  • rest_no_route

HTTP codes

The HTTP code returned can indicate the source of the problem:

  • 301 – Your REST API is being redirected. The likely cause is that your site is changing protocol between http and https, but your WordPress URL settings don’t match the target. Go to your Settings > General page and update the URLs to match your site
  • 403 – The request is forbidden. This is likely caused by a security plugin or server setting that is actively blocking the request
  • 404 – Page not found. Something on your site is return a standard 404 error page. You will need to investigate this further.
  • 500 – A server error. This could be caused by a security plugin, or even your server is running out of memory

Known problem software

This software is known to cause problems with the REST API. It is not exclusive, and they often can be configured to allow the REST API:

  • WP-Spamshield
  • Sucuri
  • Cloudflare – see this guide
  • mod_security
  • OVH – do you use OVH and have http.firewall enabled? This will break the WordPress REST API. Contact OVH support and ask them to fix it!

Different URL settings

If you have different URLs on your Settings > General page then it can prevent your browser from accessing your REST API. For example, one URL may be a http and one may be https.

Likewise you may have different domain names. This usually indicates a problem and making these the solve the issue.

search previous next tag category expand menu location phone mail time cart zoom edit close