Make WordPress Core

Opened 2 months ago; closed 2 months ago; last modified 2 months ago

#62960 closed defect (bug) (wontfix)

Delete wp-json

Reported by: pistoletoff
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: REST API
Keywords:
Focuses:
Cc:

Description

Hello, when will the wp-json folders be removed from public access? Their existence creates various problems.
"To be fair, this folder does not contain logins and passwords in plain text, so it cannot be considered overly malicious. However, these entries themselves are still quite unpleasant. Information about the plugins used could be found in the HTML page, but it would hardly contain all of them. Here they are listed by name and in order. Disclosing the login of the author of the entry also creates an advantage for intruders, especially since not all site authors indicate it publicly on the entry pages. Regarding the entry with site users, this creates opportunities for parsing. Parsing content is one thing - it can be implemented anyway. But here we have the opportunity to massively parse site users without any restrictions. This information can be useful not so much for hacking accounts as for deanonymizing users - parsing the nicknames of site users can make it possible to compare them with the target user and obtain information about which sites he uses. In addition, it is necessary to point out the problems in the field of SEO. Some sites provided evidence that Yandex indexes these folders from different sites in search. I haven't checked it myself, but in the Yandex Webmaster panel it gives them code 200 and visits them quite often. It seems that it didn't get to indexing, but just in case, an indication was put in robots.txt to avoid this."
(excerpt from my article "WP-JSON as a problem for WordPress sites" (original title: WP-JSON как проблема сайтов на WordPress), https://pistoletoff.ru/%D1%81%D1%82%D0%B0%D1%82%D1%8C%D0%B8/wp-json-%D0%BA%D0%B0%D0%BA-%D0%BF%D1%80%D0%BE%D0%B1%D0%BB%D0%B5%D0%BC%D0%B0-%D1%81%D0%B0%D0%B9%D1%82%D0%BE%D0%B2-%D0%BD%D0%B0-wordpress/)

Change History (2)

#1 @peterwilsoncc
2 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed
  • Version 6.7.2 deleted

There are no plans to remove the REST API from WordPress as doing so would break a number of core features, including the block editor.

Only information WordPress considers public is available via the REST API for logged out users.

If you wish to limit access on your site, you can do so with a plugin:

<?php
/**
 * Plugin Name: Ticket 62960 example: REST API requires login
 *
 * Plugin header added so the file can be activated from the Plugins screen
 * (a file without a "Plugin Name" header is not listed there).
 */
add_filter(
        'rest_authentication_errors',
        function ( $authorized ) {
                if ( null !== $authorized ) {
                        // Return early if the request is already authenticated/blocked.
                        return $authorized;
                }

                if ( ! is_user_logged_in() ) {
                        // Block the request if the user is not logged in.
                        return new \WP_Error(
                                'rest_not_logged_in',
                                __( 'Only logged in users can access the REST API.', 'ticket-62960-plugin' ),
                                array( 'status' => 401 )
                        );
                }

                // Continue with the request if the user is logged in.
                return $authorized;
        }
);
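
The snippet in comment #1 gates the entire REST API, which also breaks anonymous front-end features that rely on it (for example plugins that fetch posts or submit forms over REST). The following is an added example for this thread, not code from the ticket, from peterwilsoncc or from WordPress core. It addresses the two concerns raised in the description more narrowly: the user listing routes (/wp/v2/users and /wp/v2/users/<id>) return 401 for anonymous requests via the core `rest_pre_dispatch` filter, and the anonymous index (GET /wp-json/) is trimmed with the core `rest_index` filter so plugin namespaces are not advertised. The plugin name and the helper `t62960_is_user_route()` are hypothetical; the text domain `ticket-62960-plugin` is taken from the ticket. Note that trimming the index only reduces disclosure: a route stays reachable by anyone who knows its path, so the dispatch gate is the part that acts as access control.

```php
<?php
/**
 * Plugin Name: Ticket 62960 example: gate REST user listing for anonymous requests
 *
 * Added example for the ticket discussion; not core code. Anonymous visitors keep
 * read access to posts and other public routes, but user listing routes require a
 * logged-in user, and the anonymous index no longer advertises plugin namespaces.
 */

// Hypothetical helper: true for /wp/v2/users and /wp/v2/users/<id>.
// /wp/v2/users/me is left alone because core already answers 401 there.
function t62960_is_user_route( string $route ): bool {
	return 1 === preg_match( '#^/wp/v2/users(?:/(?!me/?$)[^/]+)?/?$#', $route );
}

// rest_pre_dispatch runs after authentication has been checked, so
// is_user_logged_in() reflects cookie + nonce or any other auth method in use.
add_filter(
	'rest_pre_dispatch',
	function ( $result, WP_REST_Server $server, WP_REST_Request $request ) {
		// Respect a result already produced by another filter, and never
		// gate authenticated users.
		if ( null !== $result || is_user_logged_in() ) {
			return $result;
		}
		if ( t62960_is_user_route( $request->get_route() ) ) {
			return new WP_Error(
				'rest_user_cannot_view',
				__( 'You must be logged in to list users.', 'ticket-62960-plugin' ),
				array( 'status' => 401 )
			);
		}
		return $result;
	},
	10,
	3
);

// Trim the anonymous index to core namespaces. This changes only what is
// advertised; it is a disclosure reduction, not access control.
add_filter(
	'rest_index',
	function ( WP_REST_Response $response ) {
		if ( is_user_logged_in() ) {
			return $response;
		}
		$keep = array( 'wp/v2', 'oembed/1.0' );
		$data = $response->get_data();
		$data['namespaces'] = array_values( array_intersect( $data['namespaces'], $keep ) );
		$data['routes'] = array_filter(
			$data['routes'],
			function ( $route ) use ( $keep ) {
				if ( '/' === $route ) {
					return true;
				}
				foreach ( $keep as $ns ) {
					if ( 0 === strpos( $route, '/' . $ns ) ) {
						return true;
					}
				}
				return false;
			},
			ARRAY_FILTER_USE_KEY
		);
		$response->set_data( $data );
		return $response;
	}
);
```

To verify the gate on your own site after activating the plugin, request /wp-json/wp/v2/users without a session and expect a 401 with code rest_user_cannot_view, while /wp-json/wp/v2/posts still returns 200; a logged-in request with a valid REST nonce should see both, plus the full namespace list in the index.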

#2 @pistoletoff
2 months ago

So why not just make these files public in WordPress settings? This data is largely not used externally and only produces a bunch of practically useless files.
