Keep WordPress admin fast with HTTP Requests Manager

Debug & optimize WP_HTTP (API call) requests. Limit by request count, page load time or lower timeout for each request. Speed up WordPress login and admin pages with free plugin HTTP Requests Manager.

Page performance recorded with time and memory usage when each WP_HTTP request happens. Check points used to record information containing list of loaded plugins and common WordPress action hook calls.

Download Rate us Support

► Watch video

Table of Contents

Prevent WP HTTP requests to slow down your WordPress website and admin interface

Do you have a slow WordPress admin that takes longer than usual to load? Sometime longer than 5 seconds to load admin or login pages. In rare occasions WordPress may even timeout and show 504 page.

Reason may be slow external WP_HTTP requests. This plugin will log all WP_HTTP requests with time taken to complete each request. If there are multiple request per page they will be color grouped.

Plugin helps to prevent website slowdown by:

Sets request timeout period to 2 second. Where default is 5.
Limit number of request per page by 3. Default is unlimited.
Limit WP_HTTP request if page load time is longer than 3 seconds. Default is unlimited.
Option to block all external requests or allow only requests to wordpress.org for plugin, theme and core updates.

Screenshot shows latest HTTP requests and reason why they were blocked. Also summary shows at the top with total percentage of blocked requests (54% in current view).

First summary card shows performance improvement for total page generation time for pages with WP_HTTP requests. In this case it is 2.2x performance improvement.

Domains card shows that there were 3 different websites where requests were sent. When you hover over card tooltip will show breakdown of domain addresses with percentage. We can see that 31% of requests were made to api.wordpress.org website.

With this report you can detect when plugins actively using external requests to load data and some promotions from their servers.

Log summary populated for visible logs in selected page.

Summary cards displays following information:

View performance improvement of your WordPress website due to blocking some remote HTTP requests.
Blocked requests percentage. When hovered it will show request breakdown by core, plugins or theme.
Number of requests per page. When hovered shows breakdown by page type: Frontend, admin, login, cron, ajax, xmlrpc, rest_api.
Request time / Page time percentage.
Average page time.
Average request time.
Number of domains. On hover shows request breakdown by domain.

Learn more about WP_HTTP usage Summary Cards.

Video Overview

Watch on Youtube. (Please give this video a thumbs up and leave a comment to help others find it.)

Plugin related tutorials can be viewed in this playlist.

What is detected with HTTP Requests Manager?

Plugin only detects and manages requests made using WP_HTTP class. Which is default method advised by WordPress for getting remote data and updates.

Plugin will not detect any requests made by other WordPress classes like WP_Http_Curl (deprecated as of WordPress version 6.4) or PHP functions like curl_exec, fsockopen, file_get_contents etc.

WP_HTTP = API calls = External Requests

Do not confuse WP_HTTP with Page Requests ( loading assets like css, js, image files) done by HTML page.

WP_HTTP Request ≠ Page Request

WP_HTTP requests performed inside PHP files and a Server → Server communication. (optimized by this plugin)
Page Requests are Browser → Server communication. (learn to reduce page requests)

View detailed article about differences between WP_HTTP vs. Page Requests.

Operation mode

Plugin has operation mode in “Settings” to manage WP_HTTP requests.

Here is what each mode does:

Only log HTTP requests — logs all non cron requests. No blocking done.
Only log HTTP requests (+ cron requests) — logs all requests including cron. No blocking done.
Smart block — logs non cron HTTP requests and blocks request using following rules. (View how blocking works with examples)
1. Page processing time exceeded 3 seconds.
2. Number of request for single page reached 3.
3. Sets timeout for each request (except file downloads) to 1 second.
4. Sets number of redirects for request to 1.
5. Apply custom rules for “Smart block” defined in settings.
6. Prevent some built in requests: browse happy, maybe update, self pings, do_enclose.
7. Skip limitations listed above for: file downloads (plugin, theme, other), requests inside cron jobs.
Block external requests — all requests not matching your current domain will be blocked. No updates for WordPress core, plugins and themes. + Smart block features.
Block external requests (allow WordPress.org only) — all requests not matching your current domain and wordpress.org will be blocked. Allows updates for WordPress core, plugins and themes coming from wordpress.org website. + Smart block features.

Learn more about logging and optimization modes. Find out what is best for your website.

Disable logging

After using the plugin for some time and knowing which requests are performed you can disable logging. Operation mode will remain unchanged. Request blocking will remain in tact. No new logs will be recorded. You can analyze old logs, they will not be deleted.

Load before other plugins

In order to catch more requests you can enable “Load before other plugins” option. It uses Must-Use plugin feature and loads before other regular plugins. This way you will make sure to detect all WP_HTTP requests made by other plugins.

Custom rules for “Smart Block” mode

Allow or block some requests based on domain, plugin or all. Choose on which page type rule will be applied. For example you can block requests in the frontend while allowing in other pages.

Finally you can define action as block or allow for custom rules. For example you can make sure that some plugin will always be allowed to send WP_HTTP requests. This can be an SEO or mail plugin that uses remote API for functioning.

Learn how to block individual WP_HTTP requests.

Also make sure that important API calls are always allowed.

HTTP Requests Manager Features

View performance improvement of your WordPress website due to blocking some remote HTTP requests.
View blocked requests by this plugin. Show reason why it was blocked.
View failed requests with error message.
View what initiated HTTP request: WordPress core, plugin or theme.
View on which page request was made. Also view page type is frontend, admin, login, cron, ajax, xmlrpc or rest_api.
View list of other requests made on same page view.
View sent and received data.
How long it took to get response in seconds.
Check Point with page time and memory usage for most common hooks like plugins_loaded, init, wp_loaded, setup_theme, after_setup_theme, shutdown. This will give some idea about cause of slow pages.
Log data of the last 1000 requests stored in the database.
Group requests by URL, domain, initiator, plugin, page, response status etc.
Add custom rules (conditional logic) to block or allow certain requests.

Click on any request in report to check what is sent to remote server and which response received. Use this information when choosing or configuring plugins for your website. Avoid using plugins and features that regularly performs unnecessary remote API requests.

Request time and memory usage recorded along with loaded plugin information. You can see which actions slowed down page generation significantly. Ideal page generation time for front end pages should always be below 1 second.

Cron pages can take as long as needed because they are run in background and not visible to site visitors.

Group view HTTP requests

Screenshot shows grouping external requests by domain.

Group requests to simplify report. You can group by request domain, page type, initiator, response status etc. Bar colors will visually indicate requests by response status as blocked orange, success green, error red.

Number of requests and average time for each request is also shown in each group.

In this view WP_HTTP requests grouped by plugin.

Click on the request group to view related requests.

Use cases

Case 1: Check if your website slow because of WP HTTP requests.

Average page load time, average request time and average number of requests per page shown as summary at the top of reports.

You can analyze your logs grouped by domain. Then detect excess use of APIs. View responsible plugin and page where those calls were made. Optimize your page then check back again how those optimizations improve your website performance. That is how we found and fixed slow Pricing page on our website caused by PayPal API calls for making encrypted “Purchase” button.

Learn how to debug WP_HTTP requests with detailed Case Studies

Case 2: Block all external request on development or localhost website.

All updates will be blocked. You switch off blocking when you want to perform Core, Plugin, Theme updates. No need to use define('WP_HTTP_BLOCK_EXTERNAL', true); in your wp-config.php. Plugin will prevent requests automatically when you choose “Block external requests” or “Block external requests (allow WordPress.org only)” operation mode.

View detailed tutorial for blocking external requests in WordPress localhost. This will load your pages in less than 1 second instead of 30 seconds.

Case 3: Block non WordPress request. No data will be sent to third parties.

They are usually loading other website news, plugin/theme promotions, advertisements, sending usage statistics etc.

Case 4: Prevent your website from timeout.

By blocking all requests if page generation time exceeds 3 seconds. Kill slow HTTP request with small timeout of 2 second. Slow request can be because of temporary network problem or remove website can be too busy to respond on time. Slow request is not your fault so your website should not suffer from it.

WP_HTTP request blocked by HTTP Requests Manager plugin because page generation time exceeded 3 seconds defined by “Smart Block” operation mode. Blocking further requests should prevent increasing page generation time.

Learn how WP_HTTP optimization works.

Credits

Initial logging functionality was taken from Log HTTP Requests (version 1.4, year 2023) Github →
Blocking, grouping and additional features added by veppa →

More info about “HTTP Requests Manager” plugin

Official home page → https://veppa.com/http-requests-manager/
WordPress plugin page → https://wordpress.org/plugins/http-requests-manager/

Changelog

1.3.5 – 2 September 2024

Fixed: Increased request_source field size to 255 characters.

1.3.4 – 26 August 2024

Added: Separate group view external requests by core: pingback, enclosure, browse happy, serve happy, update, translation, health, oEmbed etc.
Added: Show total number of requests in detail view for given page.
Added: When possible force blocking rules by defining constants to (block all external) and (allow only wp requests).
Fixed: Do not add cp (checkpoint) hooks if logging disabled. Prevent waste of memory.
Update: Made “Only log HTTP requests” default operation mode.

1.3.3 – 30 June 2024

Added: URL becomes empty when it is not validated by WordPress. Empty request URLs now shows clickable text [empty]. Original URL will be shown inside Checkpoint.
Added: When request responded (from cache or error) by other plugin without sending to remote server it will be labeled as ‘other’ and not blocked.
Fixed: color coding requests from same page on logs page.
Fixed: Requests with longer plugin name were not recorded to database because of bug. Now database field length increased and longer strings will be truncated to fit when needed.

1.3.2 – 26 June 2024

Added: Skip smart block limitation while updating WordPress core.
Update: Do not lower request timeout inside cron job and custom rules with allow action.

1.3.1 – 6 May 2024

Updated support to WordPress 6.5

1.3.0 – 6 May 2024

Added: priority loading mode using MU plugin feature. Plugin will load as Must-Use plugin before other plugins for catching as many requests as possible.
Added: Prevent requests initiated by do_enclose function after adding/updating post with images and links. Every time when post saved all links inside post will be requested for checking their file type. For example post with 20 links and 10 images will make 30 requests to check file type for each URL. Only audio and video URLs are saved as enclosure. Other requests are not used and wastes server resources. This request prevention will eliminate tens of requests to non audio/video URLs. When enabled related cron request for post with 30 URLs will finish in 1 second instead of 30 seconds.
Added: Log prevented requests for better understanding what is changed after enabling some blocking mode. Previously prevented self pings and do_enclose requests were not logged.
Added: Calls from xmlrpc.php file are moved to new page group called “xmlrpc” from previous “frontend”.
Added: Summary card showing average performance improvement occurred due to blocking some remote API/HTTP requests.
Fixed: increased request timeout from 1 second to 2 seconds for allowing enough time to complete CURL calls made to HTTPS servers.
Fixed: responses to non streaming requests will be grouped as “success” instead of “error”.

1.2.4 – 12 February 2024

Fixed: prevent calling is_user_logged_in() function when it is not declared.

1.2.3 – 30 November 2023

Fixed: Domain select box population when adding new Custom Rule.

1.2.2 – 29 November 2023

Fixed: Variable name typo inside get_arr_val function.

1.2.1 – 29 November 2023

Fixed: Incorrect links in options page.

1.2.0 – 28 November 2023

Added: Separate tabs for log, settings, more tools
Added: Group request logs by URL, domain, page, page type, plugin, response status etc. Better for viewing important information.
Added: Custom rules to (block, allow by all, domain, plugin) in (everywhere, admin, frontend, ajax, cron, rest_api, login). Maximum 10 custom rules (conditional logic) can be added. Custom rules apply only in smart block mode.
Added: Option to disable logging. Old logs can be viewed. Plugin will work a bit faster when logging disabled.
Added: Disable self ping (only when blocking in “smart block+” mode). Self ping sends pings to images and links on the same domain. Post with 20+ links and images will take 10+ seconds to send self pings.
Added: Disable auto update check on admin page in “smart block+” mode. _maybe_update_core, _maybe_update_themes, _maybe_update_plugins slows down admin pages up to 5+ seconds on first visit after 12 hours and can even timeout. Update checks via cron are not affected.
Fixed: Undefined array key “file” error.
Update: Store last 1k records.

1.1.0 – 12 June 2023

Added: Separate table to log page info like check point with time and memory usage.
Added: New tab to show Check Points for page with time and memory usage in request details popup window.
Fixed: Remove plugin tables on uninstall.
Update: Reduced response body before sending to view in admin panel. This will reduce loaded json data size.
Update: Clear log button now recreates tables which will eliminate table inconsistency with new versions of plugin in future.

1.0.7 – 5 June 2023

Initial release. Log HTTP Requests (version 1.4) used as base.

Frequently Asked Questions

How long are logs stored in the database?

There is no time limit to store logs. Last 1000 logs will be stored. On average it is about 10 days of logs.

Is it possible to pause the plugin and only view recorded logs?

Yes, set operation mode to “Only log HTTP requests” and check the “disable logging” checkbox in the “Settings” tab. With these settings new logs will not be added and you can review already existing old logs.

Does the plugin remove logs and options on uninstall?

Yes it removes logs and options stored in the database when you uninstall this plugin.

Which pages are recorded?

All pages with WP_HTTP requests are recorded. Slow pages without any WP_HTTP requests are not recorded.

Which remote requests are not detected?

This plugin detects only requests made using WP_HTTP class defined by WordPress. It is preferred way of doing remote requests. WordPress core and most plugins/themes use it.

Plugin will not detect requests made using other classes and functions. For example remote requests made with WordPress class WP_Http_Curl (deprecated starting from WordPress version 6.4) or PHP functions like curl_exec, fsockopen, file_get_contents are not detected by this plugin. Because they do not have hooks similar to WordPress to manage requests before making them.

Unfortunately when plugin/theme uses other functions (not WP_HTTP class) they will not be detected by this plugin.

How much performance improvement can be gained?

Performance gain on pages with WP_HTTP requests can be up to 5x. It all depends on which blocking method used and how heavily remote requests are used by core and plugins.

Speed of WP_HTTP requests depend on external factors like:

Network congestion to remote server.
Network speed to remote server.
Network distance to remote server.
Remote server response speed.

Pages with remote requests will be always slow regardless of you web hosting speed.

With “smart block” operation mode you can limit remote requests by total page generation time of 3 seconds. So no more remote requests will be sent if your page is reached 3 second limit.

When Smart Block enabled total page generation time will be limited to 3 seconds. Page with 10 requests, will improve from 11-12 seconds to 3 seconds, regardless of web hosting resources.

Are all WordPress pages have WP_HTTP requests?

No. WP_HTTP requests are performed periodically or on certain action. When you check logged requests, there will be around 50-100 pages with requests per day. On website with 10k daily page views (human and bot traffic) it will make around 1% of all pages.

How can I feel speed improvement provided by this plugin?

You will most likely feel speed difference in admin area. Pages previously loading slowly or timing out regularly should load much faster.

How to make sure that important requests are not blocked?

Follow these steps to prevent unintentional blocking of some important API requests.

Run the plugin in only log mode for a couple days to record many requests.
Check logs and identify important requests by domain or plugin.
Create a custom rule in “Settings” to allow important requests by domain or plugin.
Switch “Operation mode” to smart block.

Conclusion

With HTTP Requests Manager plugin you can view all requests and optimize WordPress to remain fast in frontend and backend. If you have experienced timeouts on WordPress login page or inside admin panel then check WP_HTTP requests.

External HTTP requests can be used to check for updates, loading promotional materials by some plugins, loading information from remote servers or sending statistics without your permission to other third party websites? Learn what is happening in your WordPress with HTTP requests. Prevent any page generation slowdowns or disable external HTTP requests completely using this plugin.

Alternatively reduce number of used plugins to prevent additional server load.

Recorded log records and summary cards will show you whole picture regarding requests within you WordPress website. Choose what to do using simple operation mode switch.

When you find any unexpected external calls to third party servers then you can communicate with related plugin author and ask for adding control to disable those requests or asking permission before sending those requests.

Check my other WordPress plugins and widgets.

Native Share Button Widget for WordPress – add lightweight floating share button, not detected by ad blockers, triggers native share functionality of user device. Makes sharing easy on mobile phones.
bbPress WP Tweaks – to add custom sidebar to bbPress forum. Also has some admin tweaks related to forum and 2 custom forum widgets.

More projects can be found on projects page.

★ Related Posts ★

WordPress plugin: HTTP Requests Manager