• Hello,

    I am not sure where I can ask for help, but maybe here?

    Situation: I have several private WordPress websites; XML feeds are off and private users have to be logged in to view any content (even the public posts/pages). No registration allowed.

    I am not using the WP REST API plugin, but I have disabled V1 & V2 for security reasons, since WP 4.4 includes a part of the API.

    But the situation is going to change: WP 4.7 will be released next month with the full REST API (including endpoints). So, I presume when I update to 4.7, all public content on my private blog will be readable via the “?rest_route=/>” URL. Seriously?

    My question: How can I protect a private WordPress against the WordPress REST API? Is there an option in WP 4.7 to do that?
    I need to block all unauthenticated REST API calls. Even for public data. There is a lack of info about that, and nobody seems to care about that. I know, a lot of webmasters have public WordPress sites, but there are 75 million WordPress blogs; how about the part of private authenticated blogs?

    I am not an expert, but I have found this solution; will I be safe with that?
    https://gist.github.com/danielbachhuber/8f92af4c6a8db784771c

    For now, I have disabled the REST API (I know this is not a solution, as the WordPress REST API should be used for a lot of things in the near future…)

    // Disable REST API v1.x
    add_filter('json_enabled', '__return_false');
    add_filter('json_jsonp_enabled', '__return_false');
    // Disable REST API v2.x
    add_filter('rest_enabled', '__return_false');
    add_filter('rest_jsonp_enabled', '__return_false');

    Any help will be appreciated.

    Best regards,
    Delta

  • The topic ‘WP 4.7; how about private blog ?’ is closed to new replies.
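
One way to block every unauthenticated REST API call while leaving the API available to logged-in users, shown as an added example that is not part of the original post and is not the code of the linked gist. The file name and the `rest_login_required` error code are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Require login for REST API (added example)
 * Hypothetical location: wp-content/mu-plugins/require-login-rest.php
 */

// Applied by the REST server on every HTTP request to the API,
// before any route callback is dispatched.
add_filter( 'rest_authentication_errors', function ( $result ) {
    // Another authentication handler already rejected the request:
    // keep its error instead of replacing it.
    if ( is_wp_error( $result ) ) {
        return $result;
    }

    // Anonymous caller: refuse here, so even published posts and
    // pages are never returned by an endpoint.
    if ( ! is_user_logged_in() ) {
        return new WP_Error(
            'rest_login_required', // constructed error code (assumption)
            'You must be logged in to use the REST API.',
            array( 'status' => 401 )
        );
    }

    // Logged-in caller: pass the value through unchanged so the normal
    // per-route permission checks still decide what they may do.
    return $result;
} );

// Stop advertising the API location in page markup, HTTP headers
// and the RSD document served to visitors.
remove_action( 'wp_head', 'rest_output_link_wp_head', 10 );
remove_action( 'template_redirect', 'rest_output_link_header', 11 );
remove_action( 'xmlrpc_rsd_apis', 'rest_output_rsd' );
```

From WordPress 4.7 the `rest_enabled` filter is deprecated in favour of `rest_authentication_errors`, so a check of this kind replaces the `rest_enabled` line rather than sitting beside it.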