For some reason, your WordPress blog can send some info to external sources, as such as AUtomattic, the company behind WordPress. Although you don’t really have to worry about it in my opinion, you can block those requests with the following technique.
To do so, open your wp-config.php file and paste the following code:
define('WP_HTTP_BLOCK_EXTERNAL', true);
It will block external requests from that time on. Though, some plugins need external request to work properly. If you experience problems, you can define a whitelist by pasting the code below into wp-config.php. Don't forget to replace my url by the one needed by the plugin.
define('WP_ACCESSIBLE_HOSTS', 'wprecipes.com');
This is the last recipe of 2009. Thanks to all of you for your support, and best wishes for 2010!
17 Responses
I’ve red all your recipes that year and I’m waiting for more next
Best wishes for 2010! And thanks for your great work here
Thanks for this recipe, wish you a happy new year 2010 for more and more useful WordPress tips for us.
Ban.
Thanks a lot & best wishes for new year 2010.
Thanks so much for all your great articles
Thanks. Great tip as usual. Keep up the good work for 2010!!
Ya useful tip, and advance happy new year 2010 friend
Cheers
thanks or the last recipe… it works!
Wonderful tip! I will utilize it on my blog ASAP. First time for me here but I will be back in 2010 for sure.
You have an amazing blog theme here! Really beautiful background, nice header, and easy to use navigation. I hope to see more posts from you soon, and I’ll submit this to Blogger Den to share with the community
Why would someone want to do this? I thought I heard something about 2.9 reporting usage statistics back to automattic – is that true, and if so is that the reason for this post?
It would be great if you could explain a bit about what external requests are. Does this mean it prevents your blog from contacting other site URL’s? If so this might be good damage control if you get hacked (since many hacks make your blog ‘dial home’ to other sites).
Cool tip, will check it.
This is a nice little recipe that will definitely be useful one a couple of my sites. thanks
thanks for the post ..you got a lot of good stuff in here.. very useful for me coz im pretty new at wordpress
Dave Holowiski,
There are probably more than a few reasons why you may want to block external request being made by your blog. As you’ve pointed out, security could be a concern although if you are concerned about that and this is your solution you have far bigger problems. Of course, it can be intimidating for many bloggers to understand the amount of trust they place in theme/plugin developers so in that regard, this could be a good starting point for that but if someone wanted to exploit your blog via malicious code in a plugin or theme, this would not stop that from occurring.
I think the most benefit would be seen in a slight improvement regarding the responsiveness of your blog both in the admin and the frontend. I have not looked at the implementation but I can say that any requests external to your domain can negatively impact the performance of your blog. CDN’s are all the rage these days for static content but they are purpose built for high-availability. Anyhow, you should be able to actually measure a slight performance improvement with this. I will look into it a bit more and see what I find. Take care and aloha!
Following up on my recent comment I took a look at the code to see what we were really dealing with here. This is a new addition to the core as of 2.8.0. I would very much recommend enabling this in your wp-config.php and making sure to add — define(‘WP_ACCESSIBLE_HOSTS’, ‘api.wordpress.org’); so that your updates and plugins continue to function as expected.
This should provide you with a slight improvement regarding the responsiveness of your blog but do not, DO NOT think this actually protects you in any way. The only thing this will affect is functionality that wants to connect externally which also adheres to the standards for connecting externally. There is absolutely no real security in enabling this if you have plugins or themes that do not follow best practices.
Further reading:
http://core.trac.wordpress.org/ticket/8927
In the core you can find this implemented in path-to-wp/wp-includes/http.php and, as of 2.9.1 it can be found within the function block_request()
Anyhow, good post. Brought this to light and I think I may actually look into the situation a bit more to see if we can lock things down a bit more. For example:
-scanning plugins/themes upon install for externals and reporting those which do not adhere to standards to the blog owner.
-interfaces to control connections via white-list by the blog owner.
-clear documentation regarding the situation within the admin.
Any other thoughts?
Trackbacks: