Block External Request From WordPress

Sometimes (often) WordPress sends information to external sources (usually a result of a plugin or theme). While in most cases this is not a serious issue, sometimes there can be so many “external calls” that the site speed is negatively impacted. At other times the Internet connection (of the visitor) is so slow as to cause a browser loading issue. Yet, in other scenarios heightened privacy is required. In such cases, it may then help to block such external requests, or limit which call can be completed.

Edit the wp-config.php file and add the following directives:

define('WP_HTTP_BLOCK_EXTERNAL', true);
define('WP_ACCESSIBLE_HOSTS', 'api.wordpress.org');

Line 2, referencing api.wordpress.org prevents WordPress core functionality from being adversely impacted. However, there might be some specific plugins that are required for functionality. In such cases, we can also add them (permit the external call) to the WP_ACCESSIBLE_HOSTS like so:

define('WP_HTTP_BLOCK_EXTERNAL', true);
define('WP_ACCESSIBLE_HOSTS', 'api.wordpress.org', '1site.com', '2site.com', '3site.com');

To help determine external requests, one online tool is: https://tools.pingdom.com/ (this URL will open in a separate browser tab or window). When testing a domain using this tool, a cascaded report is detailed, allowing you to see the URLs of external requests. Naturally, using that report helps to determine which hosts to add to the WP_ACCESSIBLE_HOSTS directive.

Leave a comment

BlogLogistics