Prevent access to external servers from WordPress

Last Revised: October 2, 2021

WordPress is a content management system with countless options, including reading external content (as simple as news feeds from other sites) and downloading other components (such as templates and plugins). This capability is active by default, which means any component can make outbound connections.

If malicious code were injected, it could connect to other sites and download or update information, which as a general rule we do not want to happen.

If we want to block external access, we can set a constant in the configuration file (wp-config.php):

define('WP_HTTP_BLOCK_EXTERNAL', true);

But this blocks any external call, so we can define a whitelist of hosts that may still be accessed:

define('WP_ACCESSIBLE_HOSTS', '*.wordpress.org,*.github.com');

In this case we would allow access to the WordPress and GitHub websites.
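
To check which hosts a given WP_ACCESSIBLE_HOSTS value really lets through, this stand-alone PHP script (an added example, not code from the original article or from WordPress) approximates the wildcard matching as WordPress core is understood to perform it: each `*` becomes "one or more characters" and the whole host name must match. The helper name `host_is_allowed()` and the sample URLs are constructed for illustration, and the exception WordPress makes for localhost and the site's own host is left out.

```php
<?php
// Added example: approximates how the WordPress HTTP API is understood to
// evaluate WP_ACCESSIBLE_HOSTS. host_is_allowed() is a hypothetical helper,
// not a WordPress function; confirm the behaviour on your own version.

function host_is_allowed(string $url, string $accessibleHosts): bool
{
    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false; // Unparseable URL: treat as blocked.
    }

    // Entries are comma separated, optionally followed by spaces.
    $entries = preg_split('/,\s*/', trim($accessibleHosts));

    if (strpos($accessibleHosts, '*') === false) {
        // No wildcard anywhere: exact string comparison against each entry.
        return in_array($host, $entries, true);
    }

    // With wildcards: every "*" means "one or more characters" and the
    // pattern is anchored at both ends, so "*.example.org" does not
    // cover the bare "example.org".
    $patterns = array_map(
        fn($entry) => str_replace('\*', '.+', preg_quote($entry, '/')),
        $entries
    );
    $regex = '/^(' . implode('|', $patterns) . ')$/i';

    return preg_match($regex, $host) === 1;
}

// Whitelist from the article above.
$whitelist = '*.wordpress.org,*.github.com';

// Constructed sample URLs: subdomains, bare domains, look-alike hosts.
$samples = [
    'https://api.wordpress.org/plugins/info/1.2/',
    'https://wordpress.org/news/feed/',
    'https://api.github.com/',
    'https://github.com/',
    'https://raw.githubusercontent.com/',
    'https://wordpress.org.example.net/',
];

foreach ($samples as $url) {
    $verdict = host_is_allowed($url, $whitelist) ? 'ALLOW' : 'BLOCK';
    printf("%-6s %s\n", $verdict, $url);
}
```

Under the same assumption, a bare domain that must stay reachable has to be listed explicitly next to its wildcard entry, for example `wordpress.org,*.wordpress.org`.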




About this document

This document is regulated by the EUPL v1.2 license, published in WP SysAdmin and created by Javier Casares. If you use this content in your website, your presentation or any material you distribute, please remember to mention this site or its author, and to release the material you create under the EUPL license.