Solved: Coming Soon Mode Blocks WordPress API
This article is about a very specific situation where you have a WordPress website on a live web server in development or staging that you want to hide from internet users and the search engines without also blocking access to the API.
The correct approach of displaying a coming soon page and returning a 503 header effectively blocks WordPress API access so I tried a few different approaches including plugins that hide the front end from non authenticated users or password protect the entire site. In each test the API access was also blocked until I stumbled a free plugin called ‘Password Protected’ by Ben Hunson.
Once the plugin is installed and activated go to Settings > Password Protected and you’ll see a few handy options including one labelled ‘Allow REST API Access’. Tick this, add your preferred password, click Save Changes and you’re up and running.
I’m very grateful to Ben for developing this quick fix to my problem and since I stumbled across it by pure luck I hope this blog post helps the next guy find the solution straight away.