How to Block External Requests in WordPress to Solve Slow Backend Loading Issues
In this article, I’ll show you how to block external requests in WordPress to solve slow backend loading issues. By setting the WP_HTTP_BLOCK_EXTERNAL constant and the WP_ACCESSIBLE_HOSTS constant, or using the Snitch plugin, you can effectively control external requests and improve WordPress performance.
The Problem: Slow Backend Due to External Requests
By default, WordPress’s core, themes, and plugin update processes regularly request wordpress.org to check for new versions. Some premium themes and plugins also send requests to their own API servers to verify license keys. These requests are crucial to maintaining the completeness of the WordPress experience, but sometimes the target servers respond slowly, causing delays in loading WordPress pages—especially the admin dashboard. This impacts the overall WordPress user experience.
To solve this issue, we can block these external requests to prevent slow responses from affecting the speed of WordPress loading.
How to Block External Requests in WordPress
WordPress provides a constant WP_HTTP_BLOCK_EXTERNAL to block all external HTTP requests. By adding the following line to your wp-config.php file, you can block all outgoing connections from WordPress:
define( 'WP_HTTP_BLOCK_EXTERNAL', true );
By adding the code above, all outbound connections from WordPress will be blocked, including connections to wordpress.org. This will disable the WordPress core, theme, and plugin update functionality. Since this may not always be necessary, it’s better to avoid blocking all external requests. Fortunately, there are other ways to block specific external requests.
Allowing Certain External Requests
Using the WP_ACCESSIBLE_HOSTS constant, we can specify which external domains WordPress is allowed to send requests to. You can list multiple domains, separated by commas, and you can even use wildcards to specify a group of domains. Here’s an example:
define( 'WP_ACCESSIBLE_HOSTS', '*.wordpress.org,www.some-api.com' );
This approach creates a whitelist of external request domains. WordPress will only be allowed to access domains on this whitelist, and all other external requests will be blocked.
Using the Snitch Plugin to Block External Requests
If you prefer a plugin-based solution instead of editing code, there’s a plugin called Snitch that can help block external requests in WordPress.
As shown in the image below, the Snitch plugin lists all external requests made by WordPress, showing the time taken for each request. You can selectively block external requests that take an unusually long time to complete.
Limitations and Solutions
While the methods described above—using constants or a plugin—are convenient, they only apply to requests made through WordPress’s HTTP functions (such as wp_remote_get and wp_remote_post). If you’re using custom request methods like cURL or other HTTP libraries, these methods won’t have any effect.
To fully prevent WordPress from accessing external resources, it’s recommended to set up a firewall on the server level to block outgoing connections. This will provide more control and ensure that no external requests can be made, regardless of the method used.
