Block external requests in WordPress for increased performance on live websites

By Edgars AbolinsLast updated on:

WordPress, including its plugins and sometimes also the site theme often creates external / outgoing requests to various endpoints which results in a decreased performance while working in the WordPress admin interface. The main problem with these requests is that they are not happening in the background, but along with the page load, especially in the WordPress admin dashboard and the plugins section. In this article you will learn how to block such requests therefore preventing them to affect the page loading speeds on your WordPress website.

Top reasons why WordPress needs to connect to external resources involve:

  • Checking for updates
  • Plugins and themes “calling home” for telemetry purposes
  • Content analysis by using third party APIs
  • Other tasks which involve connecting to third party APIs

How to check if the problem affects your site

For every WordPress based website I recommend to install the plugin called Query Monitor and enable it also on the live version of your website – at least for a moment while you are clearly sure that there is nothing more to improve (personally I keep it enabled all the time on production).

Query Monitor clearly will show you what’s going on with the outgoing requests and errors or warnings happening on your website.

Let’s take a look at this screenshot. This is taken from a small business website which is hosted on a fastest server available for the WordPress hosting with relatively nothing much installed and the database which is around 30MB in the file size.

Result when outgoing requests are not being blocked

With Query Monitor enabled, here you can see that WordPress admin dashboard has loaded in 3.61 seconds (!!!) from which 2.50 seconds took the outgoing requests from WordPress, installed plugins and theme – all together mainly just to check on the updates.

Result with blocked outgoing requests

Now with outgoing requests being properly blocked, you see that the WordPress dashboard loads only in 0.31s instead of how it was previously – 3.61s. While the TTFB with requests not being blocked may vary depending on how much connections WordPress is trying to make in the background, in this case the TTFB will stay stable to 0.31s and outgoing requests will no more affect it.

Official method: Block the external requests with WP_HTTP_BLOCK_EXTERNAL

Officially there is an easy way how to deal with this problem. You just need to add this PHP constant to your WordPress configuration file:

#Blocks external requests from your WordPress site
define('WP_HTTP_BLOCK_EXTERNAL', true);

but DO NOT USE this solution just yet, because it will block each and every request to external resources which could easily disrupt functionality of your site plugins or theme you’re using.

A bit smarter approach is to add WP_HTTP_BLOCK_EXTERNAL along with the WP_ACCESSIBLE_HOSTS constant in the WordPress configuration file. In the WP_ACCESSIBLE_HOSTS you can define exclusions by adding a list of hostnames which you want to exclude from blocking.

#Blocks external requests from your WordPress site
define('WP_HTTP_BLOCK_EXTERNAL', true);

#Excludes requests with specific hostnames from being blocked
define('WP_ACCESSIBLE_HOSTS ', '*.wordpress.org', 'misc.optimizingmatters.com', 'rankmath.com');

Still that is not a satisfying solution because there may be situations when you need to allow only a few specific requests while blocking other from the same hostname. Read on to find about the recommended approach – blocking external requests by URL filtering.

Method which I recommend for blocking external requests is by using a “pre_http_request” filter, with which you can filter out individual requests by looking at url patterns. Sample code you see below can be used to block the unneeded requests for both – development and production environments. DISALLOW_FILE_MODS constant is used to determine the production environment, since on it you certainly want to disallow any file modifications. However you may need to adjust this code for your individual needs.

To use this code snippet, just place it in your theme functions.php file or add it as a must-use plugin.

add_filter( 'pre_http_request', 'dwp_pre_http_request_block', 10, 3 );
function dwp_pre_http_request_block( $preempt, $args, $url ) {

        $block_list = [
            //Blocks Visual Composer plugin from checking the updates
            'updates.wpbakery.com',
            //Blocks WordPress from getting the information about themes
            '://api.wordpress.org/themes/info/',
             //Blocks external requests to WooCommerce APIs
            '://woo.com/wc-api/', 
            '://woocommerce.com/wp-json/wccom/',
            '://public-api.wordpress.com/wpcom/v2/wcpay/incentives',
            //Blocks Advanced Custom Fields from checking the updates
            '://connect.advancedcustomfields.com/v2/plugins/update-check',
            '://connect.advancedcustomfields.com/v2/plugins/get-info',
            //Blocks requests to check on Microsoft Clarity updates
            'microsoft-clarity.json',
            //Blocks requests to Freemius API
            '://api.freemius.com/v1/plugins/10461/addons/pricing.json',
            //Blocks requests to Redux Framework
            '://reduxframework.com/'
        ];

        //BLOCKS ADDITIONAL REQUESTS IN THE PRODUCTION ENVIRONMENT
        if (defined('DISALLOW_FILE_MODS') && !empty(DISALLOW_FILE_MODS)) {
            $block_list_dfm = [
                //Blocks various requests to WordPress API
                '://api.wordpress.org/core/version-check/',
                '://api.wordpress.org/core/browse-happy/',
                '://api.wordpress.org/core/serve-happy/',
                '://api.wordpress.org/plugins/info/',
                '://api.wordpress.org/plugins/update-check/',
                //Blocks various requests to Rank Math API
                '://rankmath.com/wp-json/rankmath/v1/updateCheck2/',
                '://rankmath.com/wp-json/rankmath/v1/versionCheck/',
                '://rankmath.com/wp-json/wp/v2/posts',
                //Blocks external requests made by Autoptimize plugin
                '://feeds.feedburner.com/OptimizingMattersDownloads',
                '://misc.optimizingmatters.com/autoptimize_news.html', 
                '://misc.optimizingmatters.com/autoptimize_ccss_explain',
                '://misc.optimizingmatters.com/api/autoptimize_service_availablity.json',
                '://feeds.feedburner.com/futtta_autoptimize'
            ];

            $block_list = array_merge($block_list, $block_list_dfm);
        }

        foreach($block_list as $b) {
            if ( strpos( $url, $b ) !== false ) {
                //Returning the status code "200" ensures there will be no errors generated
                //from WordPress or red/orange notices in the Query Monitor plugin
                return ['response' => ['code' => 200, 'message' => 'OK']];
            }
        }
        
        return $preempt;
}

Additional tweaks

While this technically is not a request blocking, these tweaks may help you to achieve additional performance improvements. To use this code snippet, just place it in your theme functions.php file or add it as a must-use plugin.

    //Prevent theme update check
    remove_action('admin_init', '_maybe_update_themes');
    remove_action('load-themes.php', 'wp_update_themes');

    //Prevent retrieve translations
    add_filter('translations_api', '__return_true');

    //BLOCKS ADDITIONAL STUFF IN THE PRODUCTION ENVIRONMENT
    if (defined('DISALLOW_FILE_MODS') && !empty(DISALLOW_FILE_MODS)) {
        //Prevents from calling wp_version_check
        remove_action('admin_init', '_maybe_update_core');

        //Prevent plugin update check
        remove_action('load-plugins.php', 'wp_update_plugins');
        remove_action('admin_init', '_maybe_update_plugins');
    }

    //Disable rest test call on Site Health page
    add_filter( 'site_status_tests', function( $tests ) {
        unset( $tests['direct']['rest_availability'] );
        return $tests;
    } );

FAQ about blocking WordPress outgoing requests

WordPress
2 Comments on Block external requests in WordPress for increased performance on live websites
About the author
Edgars Abolins Edgars Abolins, author at DoinWP.com
I'm a full-stack WordPress developer with a 10+ years of solid experience in the core web development languages, development processes / techniques, web security, Linux server management and with pretty good understanding about proper semantics, UX/UI, technical SEO, good design and basic knowledge of company leadership. On top of that - a distant 5+ years experience as a computer and electronics repair technician which often enables me to understand also how the things work at the hardware level.

2 thoughts on “Block external requests in WordPress for increased performance on live websites

  1. Hi,
    Thanks for this helpful article.
    The downside is now I get this on every page: https://d.pr/i/062XzJ when using Query Monitor (which I have enabled all the time). Not sure what is more annoying: this QM orange nag or the requests that are now blocked 🙂
    Any way around this, or another way to block these requests that would not trigger this issue?

    Thanks!

    Reply

    1. Hey, Rem!

      Thanks for the feedback. Sorry for a long delay on the answer, I had a bit of the health problems to take care of, but now I’m back and with a solution for you! 🙂

      You pointed out an issue with my previous code, that it was generating these “orange nags” from the Query Monitor. On top of that this code was also generating PHP warnings in background when WordPress tried to check for the updates.

      I’ve carefully checked the code and improved it so its more stable and does not generate the PHP warning messages or colored warnings in Query Monitor plugin.

      Once again, thanks for bringing this up, I really like that people join in with ideas 🙂

      Regards,
      Edgars

      Reply
Your feedback matters!…
I hope you found this article helpful. Feel free to add some comments - your feedback is very important to me, as it drives my motivation and helps me to improve the content.