How To: Disable/Block External HTTP Requests In WordPress

Posted by Artem Russakovskii on November 16th, 2011 in PHP, Wordpress

One thing that's been continuously annoying me when doing WordPress development on the go is when something somewhere inside WordPress decides to send requests to external urls when I don't even have Internet connection or it's slow and flaky (tethering, slow Wi-Fi, etc). This results in random lag when loading pages, especially if I haven't opened my dev WordPress instance for a long time.

Turns out there's an easy and undocumented (other than in code) solution. To block external HTTP requests right in WordPress's core itself, open up wp-config.php and add WP_HTTP_BLOCK_EXTERNAL like so:

define('WP_HTTP_BLOCK_EXTERNAL', true);

Whenever this variable is present, external requests will be ignored, unless you specify your own comma-separated whitelist of domains using WP_ACCESSIBLE_HOSTS like so:…


How To Display Just The HTTP Response Code In Command Line Curl

Posted by Artem Russakovskii on June 10th, 2010 in Linux, Tips

Updated: September 8th, 2011

Today, I was looking for a quick way to see HTTP response codes of a bunch of urls. Naturally, I turned to the curl command, which I would usually use like this:

curl -IL "URL"

This command would send a HEAD request (-I), follow through all redirects (-L), and display some useful information in the end. Most of the time it's ideal:

curl -IL "http://www.google.com"
HTTP/1.1 200 OK
Date: Fri, 11 Jun 2010 03:58:55 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Server: gws
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked

However, the server I was curling didn't support HEAD requests explicitly. Additionally, I was really only interested in HTTP status codes and not in the rest of the output. …


lock Today I'm going to look at how not to handle user authentication in a web application, taking BeTwittered.com authenticating with Twitter as an example (sorry, guys).

BeTwittered is a simple and comfortable gadget that you can add to your site, such as your iGoogle homepage.

Since BeTwittered is just a bridge between you and Twitter, it has to first log you into your account. Here is where things go horribly, horribly wrong.

1. BeTwittered does not use SSL to secure requests to its servers

All authentication information is transmitted to BeTwittered servers in plain text and is easily sniffable by an attacker, both on your own network and outside of it. You can read more about SSL encryption here….


Updated: September 16th, 2012


StackOverflow is an amazing site for coding questions. It was created by Joel Spolsky of joelonsoftware.com, Jeff Atwood of codinghorror.com, and some other incredibly smart guys who truly care about user experience. I have been a total fan of SO since it went mainstream and it's now a borderline addiction (you can see my StackOverflow badge on the right sidebar).

The Story

Update 6/21/09: This server is currently under very heavy load (10-200), even with caching plugins enabled. Please bear with me as I try to resolve the situation.

Feel free to bookmark this page and return to it later when the fires have been put out.

Update 06/21/09: I think I've got the situation …