WordPress allows plugins and themes to make HTTP requests to external domains. While this is necessary for many plugins and themes to function properly, it can also pose a security risk if not managed properly.
The WP_HTTP_BLOCK_EXTERNAL constant
WordPress uses the WP_HTTP_BLOCK_EXTERNAL
constant to block external HTTP requests made by plugins and themes. By default, it’s set to true
, which means that all external domains are blocked.
To check if this constant is set to true
, you can add the following code to your wp-config.php
file:
define('WP_HTTP_BLOCK_EXTERNAL', true);
If you want to allow external domains, you’ll need to set this constant to false
. However, we recommend keeping it set to true
and using the wp_allowed_hosts
filter to allow specific hosts.
Let’s allow specific hosts (domain names)
To allow the Meow Apps domain meowapps.com
, you can use the wp_allowed_hosts
filter. Here’s an example code snippet that adds meowapps.com
to the list of allowed hosts:
add_filter('wp_allowed_hosts', function ($allowed_hosts) {
$allowed_hosts[] = 'meowapps.com';
return $allowed_hosts;
});
You can add this code to your theme’s functions.php
file or to a custom plugin. This will add meowapps.com
to the list of allowed hosts, while still blocking all other external domains.
If you’re using multiple Meow Apps plugins, you don’t need to add multiple filters. Just adding the filter once will allow all Meow Apps plugins to make HTTP requests to meowapps.com
.
Note that if you’re using other plugins or themes that make HTTP requests to other external domains, you’ll need to add those domains to the wp_allowed_hosts
filter as well.