Skip to content

Block WP_HTTP request in WordPress

WordPress uses WP_HTTP to connect to other servers to get data. But still it does not have a feature to monitor or block those WP_HTTP requests. That is where plugins can add extra functionality to WordPress.

To block WP_HTTP requests we will be using a plugin called HTTP Requests Manager.

It will log all WordPress communication that uses WP_HTTP functions. Then you can view those logs to analyze and debug those remote connections.

While debugging you may want to block certain WP_HTTP calls from your WordPress website in order to optimize server resource usage.

Block WP_HTTP request by domain or plugin with custom rules.

Do you prefer video tutorial? View this tutorial in video format.

Watch & subscribe on YouTube.

How to block certain WP_HTTP requests in WordPress?

HTTP Requests Manager plugin has “Smart Block” mode which will automatically optimize most of your WP_HTTP requests.

Additionally in this mode you can use “Custom rules” to explicitly block or allow certain requests.

Look at URL and request information to identify useless WP_HTTP API calls.

Here is how useless API calls look like.

Theme is checking API connections to their own server. I am not using any features that rely on external service. So this request is useless. I can safely block it.

Add custom rule to block WP_HTTP request by domain.

Now lets see how to block certain WP_HTTP requests in WordPress step by step.

  1. Install and activate “HTTP Request Manager” from WordPress repository by navigating to “Plugins” → “Add new plugin” page inside your WordPress admin area.
  2. Navigate to “Tools” → “HTTP Requests Manager” page and check that it works and records some WP_HTTP requests.
  3. Wait a couple days while the plugin collects more requests.
  4. Check again “HTTP Requests Manager” page to see recorded data.
  5. Look for requests that you want to block. For easy debugging group requests by: domain, plugin, response status, page.
  6. Take a note of plugin name and request URL. You will use this in the next step.
  7. Navigate to the “Settings” tab at the top. Make sure that you are using “Smart block” operation mode. Because blocking individual requests works on this mode only.
  8. Click the “Add new” button next to “Custom rules for Smart Block mode.” field heading.
  9. You will see a form with 3 fields.
    • In the “What” field select “plugin” or “domain” that you want to block.
    • In the “Where” field select “everywhere”. Or you can choose a particular page type as well. For example if you want a block only on the frontend then select the “Frontend” field here.
    • In the “Action” field select option “Block”.
  10. Click the “Save changes” button to add this custom rule.

After saving WP_HTTP custom rule it will look like this.

You have added a custom rule to block certain remote requests in your WordPress website. Check the screenshot above to see how it will look after saving custom rules.

How to check if WP_HTTP request blocking works?

To check if WP_HTTP request blocking works, perform the following steps.

  1. Navigate to related plugin/theme that you blocked requests for.
  2. Use it in a way that triggers a remote request.
  3. Come back to the “HTTP Requests Manager” plugin page and check logs. You will notice that requests will be blocked by the plugin.

In case you are not sure how to trigger a remote request from plugin or theme then just wait a couple days and the related request will be repeated by the related plugin. Keep checking HTTP Requests Manager plugins page to see that those custom rules applied and related requests are blocked.

In my case I blocked some requests initiated by the Neve theme. It was regularly checking that their API connection works or not. Because I am not using any API related features of the theme I have blocked those requests. As a result WordPress performed less remote requests which prevented wasting resources of my website.

How to remove previously added blocking rules?

Remove existing WP_HTTP custom rules by clicking [x] button.

To remove previously added blocking “Custom rule” follow these steps:

  1. Navigate to “Tools” → “HTTP Requests Manager” page.
  2. Click the “Settings” tab.
  3. In the “Custom Rules” section click on the “x” button on the rule that you want to remove.

Reasons to block WP_HTTP request

Why would you want to block some WP_HTTP requests?

  • Every WP_HTTP request slows down page generation. Less remote requests means faster WordPress.
  • When a request is not useful then it is wasting your server performance.
  • Loading ads, upsells, news and other not related stuff.

These are requests that you do not want to slow down your website and annoy you when you use your WordPress website. So you can easily block them whenever you find them in your reports.

Also pay attention to not block important WP_HTTP requests that rely on external communication.

FAQ

Can I block certain WP_HTTP requests without a plugin in WordPress?

Yes, there are 2 ways to block some requests in WordPress without a plugin.

Solution 1: Block all external requests.

This is for advanced users. WordPress has a constant WP_HTTP_BLOCK_EXTERNAL that should be defined with the value “true” in wp-config.php file.

This will block all external requests from your website. You will not be able to install new plugins, themes, do core updates etc.

Additionally if you want to allow those requests to the WordPress repository then you need to define WP_ACCESSIBLE_HOSTS constant with comma separated domain names.

// Block all external requests
define('WP_HTTP_BLOCK_EXTERNAL', true);
// allow requests to WordPress repository
define('WP_ACCESSIBLE_HOSTS', '*.wordpress.org');

This code will block all non WordPress external requests without using a plugin.

Learn more about blocking with config files from WordPress.org.

Drawback:

You cannot block by individual domain or plugin. Also you cannot see which requests are happening on your website.

Solution 2: Check plugin settings that initiate remote requests to disable some requests.

When you find a request to block check related plugin settings page. Usually some of them will have an option to disable those requests.

For example, recently I found that the “MailPoet 2” newsletter plugin was running too many cron jobs for sending emails on schedule. I had 100+ WP_HTTP requests per day and they were on all pages even on the frontpage. Which obviously slowed down page generation by an additional 1 second.

To remove plugin related WP_HTTP request look inside related plugin settings.

I disabled this request by following steps:

  1. Navigate to “MailPoet”→ “Settings” page, “Advanced” tab → click on the “Geeky options Show” button at the bottom of the page.
  2. Uncheck “Enable MailPoet’s Cron” checkbox.
  3. Click the “Save Settings” button.

After which all additional cron job requests via WP_HTTP initiated by “MailPoet 2” plugin stopped running. This returned my WordPRess website back to fast performance.

I was able to identify and debug this problem using “HTTP Requests Manager” plugin. Instead of using “Custom rule” to block I found a related option in the plugin setting and disabled it.

Solution is not always blocking remote requests. Sometimes you may need to find other solutions like changing how you use plugins. Check this tutorial where I switched from API usage to static HTML for PayPal buttons.

Drawback:

Not all plugins and themes have an option in settings to disable remote requests. You need to see which requests are happening in order to block them.

Can I block all external requests with HTTP Requests Manager plugin?

Choose (Block external requests) operation mode.

Yes, select “Block external requests” operation mode from “Settings” tab. If you want to block external requests but allow WordPress repository requests then select “Block external requests (allow WordPress.org only) ” mode.

In these modes you do not need to block individual WP_HTTP requests.

Learn more about blocking external requests.

How to find useless WP_HTTP requests?

You can find useless requests by checking request URLs, viewing request and response data. Generally requests to payment servers, analytics, email services are important. Everything else is not very important.

Should I block useless WP_HTTP requests?

In most cases you do not have to block them. Because your WordPress was running with those requests until you detected them. It can be ok to continue allowing them.

In any uncertain situation, leave it alone and do not block it.

If you are sure that it is a useless request and functionality of related plugins will not be affected by it then it is better to block it.

What if I blocked an important WP_HTTP request?

You can remove the “Custom Rule” that you created by clicking the “x” button at the end of that rule line. “Custom Rules” are located in the “Settings” tab. View detailed instructions.

How to prevent important WP_HTTP request from being blocked?

You can add custom rule to allow important WP_HTTP requests. This will make sure that API call to certain domain or by certain plugin will never be blocked by “Smart block” optimization.

View how to add allow rule in HTTP Requests Manager plugin.

Conclusion

Detect and block annoying and useless WP_HTTP requests manually by using HTTP Requests Manager plugin in WordPress. It will boost your website performance further while keeping it easy to manage and block certain requests.

Learn more about debugging WP_HTTP requests in WordPress.

Leave a Reply

Your email address will not be published. Required fields are marked *