Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3081974

Timestamp:

05/06/2024 01:43:27 PM (21 months ago)

Author:

veppa

Message:

Added MU plugin feature. php 8.3 support

Location:

http-requests-manager

Files:

: 3 added
: 13 edited
: 6 copied

assets/screenshot-1.png (modified) (previous)
assets/screenshot-10.png (added)
assets/screenshot-2.png (modified) (previous)
assets/screenshot-3.png (modified) (previous)
assets/screenshot-4.png (modified) (previous)
assets/screenshot-5.png (modified) (previous)
assets/screenshot-6.png (modified) (previous)
assets/screenshot-7.png (modified) (previous)
assets/screenshot-8.png (modified) (previous)
assets/screenshot-9.png (modified) (previous)
tags/1.3.0 (copied) (copied from http-requests-manager/trunk)
tags/1.3.0/a-http-requests-manager.php (added)
tags/1.3.0/assets/css/admin.css (copied) (copied from http-requests-manager/trunk/assets/css/admin.css)
tags/1.3.0/assets/js/admin.js (copied) (copied from http-requests-manager/trunk/assets/js/admin.js) (4 diffs)
tags/1.3.0/http-requests-manager.php (copied) (copied from http-requests-manager/trunk/http-requests-manager.php) (27 diffs)
tags/1.3.0/readme.txt (copied) (copied from http-requests-manager/trunk/readme.txt) (8 diffs)
tags/1.3.0/templates/page-settings.php (copied) (copied from http-requests-manager/trunk/templates/page-settings.php) (2 diffs)
trunk/a-http-requests-manager.php (added)
trunk/assets/js/admin.js (modified) (4 diffs)
trunk/http-requests-manager.php (modified) (27 diffs)
trunk/readme.txt (modified) (8 diffs)
trunk/templates/page-settings.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

http-requests-manager/tags/1.3.0/assets/js/admin.js

-                      r3003727
+                      r3081974
                 status = 'blocked';
+            }
+            else if (row.status_code == '200')
+            {
+            else if (row.status_code == '200' || !request_args.blocking)
+            {
                 status = 'success';
+            }
 …
                 stats.req_type_summary = VPHRM.summarize_data(stats.req_types, 0);
                 stats.req_source_summary = VPHRM.summarize_data(stats.req_sources, 10);
+                stats.num_allowed = stats.requests - stats.num_blocked;
+                stats.num_performance = stats.num_allowed ? (stats.requests / stats.num_allowed).toFixed(1) * 1 : 10;
                 stats.message = [
+                    '<span class="vphrm-card" title="' + (stats.num_blocked ? stats.num_performance + '×' : '-') + ' performance improvement">'
+                            + '<span class="vphrm-card-val">'
+                            + (stats.num_blocked ? stats.num_performance + '×' : '-')
+                            + '</span>'
+                            + '<span class="vphrm-card-name">'
+                            + 'Performance imp.'
+                            + '</span>'
+                            + '</span>',
                     '<span class="vphrm-card" title="' + stats.num_blocked + ' requests blocked out of ' + stats.requests + "\nRequest sources:\n" + stats.req_source_summary + '">'
                             + '<span class="vphrm-card-val">'
 …
         };
+        VPHRM.change_load_must_use = function ()
+        {
+            var $me = $(this);
+            var checked = $me.is(':checked');
+            $me.attr('disabled', 'disabled');
+            $.post(ajaxurl, {
+                'action': 'vphrm_load_must_use',
+                '_wpnonce': VPHRM.nonce,
+                'load_must_use': checked ? 1 : 0
+            }, function (data)
+            {
+                if (data.status == 'ok')
+                {
+                    // saved
+                }
+                else
+                {
+                    // data error
+                    alert(data.message);
+                    // revert to old cheched/unchecked state
+                    $me.prop('checked', !checked);
+                }
+            }, 'json')
+                    .fail(function (jqXHR, textStatus, error)
+                    {
+                        console.log(VPHRM.message_save_error + ": " + error);
+                        alert(VPHRM.message_save_error + ": " + error);
+                        // revert to old cheched/unchecked state
+                        $me.prop('checked', !checked);
+                    })
+                    .always(function ()
+                    {
+                        $me.removeAttr('disabled');
+                    });
+        };
         VPHRM.view_save = function ()
+        {
 …
             //
             $(document).on('change', 'input#disable_logging[type="checkbox"]', VPHRM.change_logging);
+            $(document).on('change', 'input#load_must_use[type="checkbox"]', VPHRM.change_load_must_use);
             // change view group

http-requests-manager/tags/1.3.0/http-requests-manager.php

-                      r3034389
+                      r3081974
   Plugin URI:   https://veppa.com/http-requests-manager/
   Description: Limit, disable, block, log all WP HTTP requests. Limit by request count, page load time or lower timeout for each request. Speed up login and admin pages.
   Version: 1.2.4
+  Version: 1.3.0
   Author: veppa
   Author URI: https://veppa.com/
 …
  * TODO:
  *  - show 47% requests blocked in dashboard at a glance. with option to remove from there.
  *  - disable wp_get_http_headers inside do_enclose  called inside do_all_pings. it checks if links inside content has audio or video to enclose. it is slow inside cron call.
+ *
  */
 defined('ABSPATH') or exit;
 …
+{
     const VERSION = '1.2.4';
+    const VERSION = '1.3.0';
     const ID = 'http-requests-manager';
+    const TIMEOUT = 2;
     public static $instance;
 …
     private static $custom_rules_limit = 10;
     private static $page_id;
+    private static $mu_plugin_file_name = '/a-http-requests-manager.php';
     private static $requests = array();
     private static $cron_status;
 …
         'cron',
         'ajax',
+        'rest_api'
+        'rest_api',
+        'xmlrpc'
     );
 …
         add_action('init', [$this, 'init']);
-        add_action('admin_menu', [$this, 'admin_menu']);
-        add_action('admin_enqueue_scripts', [$this, 'admin_scripts']);
         add_filter('http_request_args', [$this, 'start_timer']);
         add_action('http_api_debug', [$this, 'db_capture_request'], 10, 5);
 …
         add_action('pre_get_ready_cron_jobs', [$this, 'cron_prevent_in_my_ajax']);
         add_action('shutdown', [$this, 'db_update_page']);
+        add_filter('plugin_action_links', [$this, 'plugin_action_links'], 10, 2);
+        // admin page actions only. for optimisation purpose these are used only on admin pages
+        if(is_admin())
+        {
+            add_action('admin_menu', [$this, 'admin_menu']);
+            add_action('admin_enqueue_scripts', [$this, 'admin_scripts']);
+            add_action('admin_notices', [$this, 'admin_notice_show']);
+            add_filter('plugin_action_links', [$this, 'plugin_action_links'], 10, 2);
+        }
         /* ajax actions add only in ajax page */
 …
             add_action('wp_ajax_vphrm_mode_change', [$this, 'vphrm_mode_change']);
             add_action('wp_ajax_vphrm_disable_logging', [$this, 'vphrm_disable_logging']);
+            add_action('wp_ajax_vphrm_load_must_use', [$this, 'vphrm_load_must_use']);
             add_action('wp_ajax_vphrm_save_view', [$this, 'vphrm_save_view']);
             add_action('wp_ajax_vphrm_custom_rule_save', [$this, 'vphrm_custom_rule_save']);
 …
         // plugin uninstallation. ALWAYS USE STATIC METHOD
         register_uninstall_hook(__FILE__, ['HTTP_Requests_Manager', 'db_uninstall']);
+        register_activation_hook(__FILE__, ['HTTP_Requests_Manager', 'plugin_activate']);
+        register_deactivation_hook(__FILE__, ['HTTP_Requests_Manager', 'plugin_deactivate']);
         $this->manage();
 …
     static public function current_page_is_my_ajax()
+    {
         $arr_prevent_for_actions = array(
+        $arr_my_ajax_actions = array(
             'vphrm_query'                => true,
             'vphrm_clear'                => true,
             'vphrm_disable_logging'      => true,
+            'vphrm_load_must_use'        => true,
             'vphrm_save_view'            => true,
             'vphrm_custom_rule_save'     => true,
 …
         $action = empty($_POST['action']) ? '' : sanitize_text_field($_POST['action']);
         if(wp_doing_ajax() && !empty($action) && !empty($arr_prevent_for_actions[$action]))
+        if(wp_doing_ajax() && !empty($action) && !empty($arr_my_ajax_actions[$action]))
+        {
             // ajax page with my own requet
 …
+    }
+    function admin_notice_show()
+    {
+        $screen = get_current_screen();
+        // show only on plugin page
+        //To get the exact your screen ID just do var_dump($screen)
+        if($screen->id === 'tools_page_http-requests-manager')
+        {
+            // check MU plugin and show notification if needed
+            // fix if option and MU file do not match
+            $check = self::load_must_use_check();
+            if($check['status'] === 'error')
+            {
+                // show notification
+                echo '<div class="notice notice-warning is-dismissible">'
+                . '<p>' . esc_html($check['message']) . '</p>'
+                . '</div>';
+            }
+        }
+    }
     function admin_scripts($hook)
+    {
 …
+        }
+        wp_send_json($output);
+    }
+    /**
+     * copy MU file to MU plugin folder
+     */
+    private static function load_must_use_set()
+    {
+        $src = VPHRM_DIR . self::$mu_plugin_file_name;
+        $dest = WPMU_PLUGIN_DIR . self::$mu_plugin_file_name;
+        $output = array();
+        // create mu dir
+        if(!is_dir(WPMU_PLUGIN_DIR) && !wp_mkdir_p(WPMU_PLUGIN_DIR))
+        {
+            $output['status'] = 'error';
+            $output['message'] = __('Error creating MU plugins directory.', 'http-requests-manager');
+            return $output;
+        }
+        // remove old file if exists
+        if(file_exists($dest) && !unlink($dest))
+        {
+            $output['status'] = 'error';
+            $output['message'] = __('Error deleting old MU file', 'http-requests-manager');
+            return $output;
+        }
+        // copy new MU file
+        if(!file_exists($src) || !copy($src, $dest))
+        {
+            $output['status'] = 'error';
+            $output['message'] = __('Error copying plugin file to MU plugins directory.', 'http-requests-manager');
+            return $output;
+        }
+        // file copied
+        $output['status'] = 'ok';
+        $output['message'] = __('MU plugin file set.', 'http-requests-manager');
+        return $output;
+    }
+    /**
+     * remove MU file from MU plugin folder
+     */
+    private static function load_must_use_remove()
+    {
+        $dest = WPMU_PLUGIN_DIR . self::$mu_plugin_file_name;
+        $output = array();
+        // remove old file if exists
+        if(file_exists($dest) && !unlink($dest))
+        {
+            $output['status'] = 'error';
+            $output['message'] = __('Error deleting old MU file', 'http-requests-manager');
+            return $output;
+        }
+        // file removed
+        $output['status'] = 'ok';
+        $output['message'] = __('MU file deleted.', 'http-requests-manager');
+        return $output;
+    }
+    /**
+     * check if MU file matches selected loading option
+     */
+    private static function load_must_use_check()
+    {
+        // current status of must use
+        $load_must_use_status = '';
+        if(defined('VPHRM_MODE_INIT') && VPHRM_MODE_INIT)
+        {
+            // set
+            $load_must_use_status = 'set';
+        }
+        if(defined('VPHRM_MODE') && VPHRM_MODE)
+        {
+            // loaded
+            $load_must_use_status = 'loaded';
+        }
+        // instruction
+        $instruction = __('Please update "Load before other plugins" option in "Settings" tab.', 'http-requests-manager');
+        $output = array();
+        //  check option to priority loading and add MU file
+        if(self::get_option('load_must_use'))
+        {
+            // option enabled: set must use plugin if not already set and running
+            if($load_must_use_status === 'loaded')
+            {
+                // it is set and loaded. no problem
+            }
+            elseif($load_must_use_status === 'set')
+            {
+                // it is set but not loaded probably error loading plugin. just show warning message
+                $output['status'] = 'error';
+                $output['message'] = __('"Load before other plugins" option enabled but not loaded.', 'http-requests-manager') . ' ' . $instruction;
+            }
+            else
+            {
+                // set it and check for error
+                $set = self::load_must_use_set();
+                if($set['status'] === 'error')
+                {
+                    // remove option
+                    self::update_option('load_must_use', 0);
+                    $output['status'] = 'error';
+                    $output['message'] = __('Error setting "Load before other plugins" option.', 'http-requests-manager') . ' ' . $instruction;
+                }
+            }
+        }
+        else
+        {
+            // option diabled: MU should not be used
+            if($load_must_use_status === 'set' || $load_must_use_status === 'loaded')
+            {
+                // remove MU if it exists
+                $removed = self::load_must_use_remove();
+                if($removed['status'] === 'error')
+                {
+                    $output['status'] = 'error';
+                    $output['message'] = __('"Load before other plugins" option is not disabled.', 'http-requests-manager') . ' ' . $instruction;
+                }
+            }
+        }
+        // no error then ok
+        if(empty($output))
+        {
+            $output['status'] = 'ok';
+            $output['message'] = __('"Load before other plugins" option works as expected', 'http-requests-manager');
+        }
+        return $output;
+    }
+    /**
+     * remove MU file from MU plugin folder
+     */
+    private static function load_must_use_apply()
+    {
+        //  check option to priority loading and add MU file
+        if(self::get_option('load_must_use'))
+        {
+            // set must use plugin
+            self::load_must_use_set();
+        }
+        else
+        {
+            // remove must use plugin if it exists
+            self::load_must_use_remove();
+        }
+    }
+    function vphrm_load_must_use()
+    {
+        $this->validate();
+        $load_must_use = empty($_POST['load_must_use']) ? 0 : 1;
+        // depending on $load_must_use value add or remove a-http-requests-manager.php file from mu-plugins folder
+        if($load_must_use)
+        {
+            $file_output = self::load_must_use_set();
+        }
+        else
+        {
+            $file_output = self::load_must_use_remove();
+        }
+        if($file_output['status'] === 'ok')
+        {
+            // file operation ok. save option
+            $output = array();
+            if(self::update_option('load_must_use', $load_must_use))
+            {
+                $output['status'] = 'ok';
+                $output['message'] = __('Option saved', 'http-requests-manager');
+                $output['load_must_use'] = $load_must_use;
+            }
+            else
+            {
+                $output['status'] = 'error';
+                $output['message'] = __('Error saving option. Please try again.', 'http-requests-manager');
+            }
+        }
+        else
+        {
+            // pass error message to json
+            $output = $file_output;
+        }
         wp_send_json($output);
 …
             $this->append_request_info($parsed_args, $url);
             // cron|ajax|rest_api|login|admin|frontend
+            // cron|ajax|rest_api|xmlrpc|login|admin|frontend
             $current_where = self::current_page_type();
 …
+    }
     function start_timer($args)
+    function start_timer($args = array())
+    {
         self::cp('[start] request');
 …
         add_action('plugins_loaded', ['HTTP_Requests_Manager', 'cp_hook_start'], 0);
         add_action('plugins_loaded', ['HTTP_Requests_Manager', 'cp_hook_plugins_loaded'], PHP_INT_MAX);
+        add_action('muplugins_loaded', ['HTTP_Requests_Manager', 'cp_hook_plugins_loaded'], PHP_INT_MAX);
+    }
 …
+    {
         //echo '<!-- manage_timeout ('.$time.','.$url.') -->';
         return min(1, $time);
+        return min(self::TIMEOUT, $time);
+    }
 …
+    {
         // fix request time and retries count here as well
         $default_time = 1;
         // custom timings
+        $default_time = self::TIMEOUT;
+        // custom timings. add custom timeout per url here.
         $custom_time = array(
             'api.wordpress.org/plugins/info/' => 2
+                /* 'api.wordpress.org/plugins/info/' => 2  */
         );
 …
         if(self::$request_action === 'block')
+        {
+            $response = new WP_Error('http_request_not_executed', __('User has blocked requests through HTTP. (HTTP Requests Manager plugin: ' . self::$request_action_info . ')'));
+            /** This action is documented in wp-includes/class-wp-http.php */
+            do_action('http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url);
+            return $response;
+            return $this->manage_perform_request_blocking($parsed_args, $url);
+        }
         // pass without blocking
         return $pre;
+    }
+    /**
+     * Create error response for blocked request.
+     * Initiate recording to DB by calling action http_api_debug
+     * Return response error WP_Error.
+     * Used to record and response error message.
+     *
+     * Also can be used to prevent pingbacks and enclosure checking calls without even starting any request.
+     *
+     * @param type $parsed_args
+     * @param type $url
+     * @return \WP_Error
+     */
+    function manage_perform_request_blocking($parsed_args, $url)
+    {
+        $response = new WP_Error('http_request_not_executed', __('User has blocked requests through HTTP. (HTTP Requests Manager plugin: ' . self::$request_action_info . ')'));
+        /** This action is documented in wp-includes/class-wp-http.php */
+        do_action('http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url);
+        return $response;
+    }
+    /**
+     * Capture prevented requests before initiating any WP_HTTP calls.
+     *
+     * Used in disable_self_ping() and disable_not_obvious_enclosure_links() when removing urls from initiating request.
+     *
+     * @param type $url
+     * @return type
+     */
+    function manage_perform_request_blocking_by_url($url, $info = '')
+    {
+        $this->start_timer();
+        self::$request_action = 'block';
+        self::$request_action_info = 'prevented';
+        if(!empty($info))
+        {
+            self::$request_action_info .= ' ' . $info;
+        }
+        return $this->manage_perform_request_blocking(array(), $url);
+    }
 …
+            }
             self::$page_info['manager_mode'] = self::get_mode();
             self::$page_info['timer_before'] = self::$timer_before;
+        }
         // is_user_logged_in() is pluggable function and will be loaded before init event. use it only if it is already loaded.
         if(!isset(self::$page_info['is_user_logged_in']) && function_exists('is_user_logged_in'))
 …
             self::$page_info['is_user_logged_in'] = is_user_logged_in();
+        }
         // updated data
 …
     /**
      * Return current page type.
+     *
+     * @return string cron|ajax|rest_api|login|admin|frontend
+     * Id adding new page type update self::$page_types array with new page type group
+     *
+     * @return string cron|ajax|rest_api|xmlrpc|login|admin|frontend
      */
     static public function current_page_type()
 …
+            {
                 $return = 'rest_api';
+            }
+            if(is_null($return) && (defined('XMLRPC_REQUEST') && XMLRPC_REQUEST ))
+            {
+                $return = 'xmlrpc';
+            }
 …
         // disable self ping. disable ping to internal images and urls when publishing post. useless and takes long for page with 20+ internal links/images
         add_action('pre_ping', [$this, 'disable_self_ping']);
+        // prevent enclosure requests to non video/music files
+        add_filter('enclosure_links', [$this, 'disable_not_obvious_enclosure_links'], 10, 2);
         // disable maybe update checks in admin
 …
     /**
+     * disable non audio/video enclosure links
+     *
+     * @param type $post_links
+     * @param type $post_id
+     * @return type
+     */
+    function disable_not_obvious_enclosure_links($post_links, $post_id)
+    {
+        $post_links_new = array();
+        // allow only mp3, mp4 urls
+        if($post_links)
+        {
+            // enclosures can be audio or video. keep them.
+            // use only: ext -> audio/video mime types
+            $mime_types = wp_get_mime_types();
+            $mime_types_allowed = array();
+            foreach($mime_types as $exts => $mime)
+            {
+                if(strpos($mime, 'audio/') === 0 || strpos($mime, 'video/') === 0)
+                {
+                    $mime_types_allowed[$exts] = $mime;
+                }
+            }
+            // make unique post links
+            $post_links_unique = array();
+            foreach($post_links as $url)
+            {
+                $url = strip_fragment_from_url($url);
+                $post_links_unique[$url] = true;
+            }
+            $post_links = array_keys($post_links_unique);
+            unset($post_links_unique);
+            // check extension of url and keep mp3,mp4 urls only. other types are not enclosed anyway.
+            foreach($post_links as $url)
+            {
+                // check if it is not already added
+                if(!isset($post_links_new[$url]))
+                {
+                    $url_parts = parse_url($url);
+                    if(false !== $url_parts && !empty($url_parts['path']))
+                    {
+                        $extension = pathinfo($url_parts['path'], PATHINFO_EXTENSION);
+                        if(!empty($extension))
+                        {
+                            foreach($mime_types_allowed as $exts => $mime)
+                            {
+                                if(preg_match('!^(' . $exts . ')$!i', $extension))
+                                {
+                                    // allowed extension. can be enclosed
+                                    $post_links_new[$url] = true;
+                                    break;
+                                }
+                            }
+                        }
+                    }
+                }
+                // record as prevented request if not enclosable
+                if(!isset($post_links_new[$url]))
+                {
+                    $this->manage_perform_request_blocking_by_url($url, 'enclosure_links');
+                }
+            }
+        }
+        // return unique urls
+        return array_keys($post_links_new);
+    }
+    /**
      *  add settings link to plugin listing
      */
 …
+        }
         return $links;
+    }
+    /**
+     *  remove some features on deactivation
+     */
+    public static function plugin_deactivate()
+    {
+        //  remove MU Must-Use plugin file if exists
+        self::load_must_use_remove();
+    }
+    /**
+     *  perform on plugin activation
+     */
+    public static function plugin_activate()
+    {
+        self::load_must_use_apply();
+    }
 …
                 // unset later because unsetting here will skip some links as array size changes inside this loop.
                 // unset($links[$l]);
+                $this->manage_perform_request_blocking_by_url($link, 'pre_ping');
+            }
+        }

http-requests-manager/tags/1.3.0/readme.txt

-                      r3034389
+                      r3081974
 Requires at least: 4.9
 Tested up to: 6.4
 Stable tag: 1.2.4
+Stable tag: 1.3.0
 License: GPLv2
 …
 == Description ==
 = Prevent WP HTTP request to slow down your WordPress website and admin interface =
+= Prevent WP HTTP requests from slowing down your WordPress website and admin interface =
 Do you have a slow WordPress admin that takes longer than usual to load? Sometime longer than 5 seconds to load admin or login pages. In rare occasions WordPress may even timeout and show 504 page.
 Reason may be slow external WP_HTTP requests. [HTTP Requests Manager plugin](https://veppa.com/http-requests-manager/) will log all WP HTTP requests with time taken to complete each request. If there are multiple request per page they will be color grouped.
 Plugin tested  with PHP version 5.6, 7.x and up to 8.2.
+Reason may be slow external WP_HTTP requests. [HTTP Requests Manager plugin](https://veppa.com/http-requests-manager/) will log all WP HTTP requests with time taken to complete for each request. If there are multiple requests per page they will be color grouped.
+Plugin tested with PHP version 5.6, 7.x and up to 8.3.
 = Do not confuse WP_HTTP request with HTML requests that loads page assets like js, css, image, font =
 …
 Plugin will not detect any requests made by other WordPress classes like WP_Http_Curl or PHP functions like curl_exec, fsockopen, file_get_contents etc.
 Do not confuse it with HTML requests (loading assets like css, js, image) done by HTML page.  WP_Http requests are performed only inside PHP files and not visible in web browser.
+Do not confuse it with HTML requests (loading assets like css, js, image) done by HTML page. WP_Http requests are performed only inside PHP files and not visible in web browser.
 [Learn more about difference between WP_Http requests and HTML requests](https://veppa.com/http-requests-manager/#what_is_detected_with_http_requests_manager)
 = How plugin prevents slow pages containing WP_HTTP requests?  =
+= How plugin prevents slow pages containing WP_HTTP requests? =
 Plugin helps to prevent website slowdown by:
 * Sets request timeout period to 1 second. Where default is 5.
+* Sets request timeout period to 2 second. Where default is 5.
 * Limit number of request per page by 3. Default is unlimited.
 * Limit WP HTTP request if page load time is longer than 3 seconds. Default is unlimited.
 …
 . Page processing time exceeded 3 seconds.
 . Number of request for single page reached 3.
 . Sets timeout for each request to 1 second.
+. Sets timeout for each request to 2 second.
 . Sets number of redirects for request to 1.
 . Apply custom rules for "Smart block" defined in settings.
 . Prevent some built in requests: happy browser, maybe update, self pings.
 . Skip limitations listed above for: file downloads (plugin, theme, other), requests inside cron jobs.
+. Prevent some built in requests: happy browser, maybe update, self pings, do_enclose.
+. Skip some limitations listed above for: file downloads (plugin, theme, other), requests inside cron jobs.
 - **Block external requests** — all requests not matching your current domain will be blocked. No updates for WordPress core, plugins and themes. (+ Smart block features.)
 - **Block external requests (allow WordPress.org only)** — all requests not matching your current domain and wordpress.org will be blocked. Allows updates for WordPress core, plugins and themes coming from wordpress.org website. (+ Smart block features.)
 …
 After using plugin for some time and knowing which requests are performed you can disable logging. Operation mode will remain unchanged. Request blocking will remain in tact. No new logs will be recorded. You can analyze old logs, they will not be deleted.
+= Load before other plugins  =
+In order to catch more requests you can enable "Load before other plugins" option. It uses Must-Use plugin feature and load before other regular plugins. This way you will make sure to detect all WP_HTTP requests by other plugins.
 = Custom rules for "Smart Block" mode =
 …
 = Features =
+* View performance improvement of your WordPress website due to blocking some remote HTTP requests.
 * View blocked requests by this plugin. Show reason why it was blocked.
 * View failed requests with error message.
 * View what initiated HTTP request: WordPress core, plugin or theme.
 * View on which page request was made. Also view page type is frontend, admin, login, cron, ajax or rest_api.
+* View on which page request was made. Also view page type is frontend, admin, login, cron, ajax, xmlrpc or rest_api.
 * View list of other requests made on same page view.
 * View sent and received data.
 …
 == Screenshots ==
+. Screenshot shows latest HTTP requests and reason why they are blocked. Also summary show at the top with total percentage of blocked requests (63% in current view). Hosts card shows that there are 7 different hosts were requests sent. When you hover over card tooltip will show breakdown of hosts in percentage. We can see that 73% or requests were made to api.wordpress.org website. Also we can see that plugins actively using external requests to load data and some promotions from their servers.
+. WP_HTTP request and response data. Popup opens when you click on request from table. Page and request times shows as well.
+. Blocked request due to page time exceeding 3 seconds. Additional information regarding page shown with currently active manager mode.
+. Check point shows how plugins and requests effect page time and memory usage.
+. Group requests to simplify report. You can group by request domain, page type, initiator, response status etc. Bar colors will visually indicate requests by response status as blocked orange, success green, error red.
+. Requests grouped by initiator core / theme / plugin. Clicking on group will reveal requests inside that group.
+. Settings page to select operation mode, disable logging and adding custom rules. Settings will be saved each time when you change any option.
+. Select operation mode to fit your need. Only blocking modes will speed up WordPress admin pages. Be aware that blocking modes may break functionality of some plugins that rely on external API requests.
+. Define custom rules to always allow some plugins or domains only in "Smart block" mode. Custom rules will be ordered by high priority. First matching rule will be applied.
+. Screenshot shows latest HTTP requests and reason why they are blocked. Summary cards at the top show total percentage of blocked requests (54% in current view). You can also see estimated performance improvement 2.2x because of blocking some remote requests. Hosts card shows that there are 3 different hosts were requests sent. When you hover over card tooltip will show breakdown of hosts in percentage. We can see that 31% or requests were made to api.wordpress.org website. Also we can see that plugins actively using external requests to load data and some promotions from their servers.
+. When Smart Block enabled total page generation time will be limited to 3 seconds. Page with 10 requests, will improve from 11-12 seconds to 3 seconds, regardless of web hosting resources.
+. WP_HTTP request and response data. Popup opens when you click on request from table. Page and request times shows as well.
+. Blocked request due to page time exceeding 3 seconds. Additional information regarding page shown with currently active manager mode.
+. Check point shows how plugins and requests effect page time and memory usage.
+. Group requests to simplify report. You can group by request domain, page type, initiator, response status etc. Bar colors will visually indicate requests by response status as blocked orange, success green, error red.
+. Requests grouped by initiator core / theme / plugin. Clicking on group will reveal requests inside that group.
+. Settings page to select operation mode, disable logging and adding custom rules. Settings will be saved each time when you change any option.
+. Select operation mode to fit your need. Only blocking modes will speed up WordPress admin pages. Be aware that blocking modes may break functionality of some plugins that rely on external API requests.
+. Define custom rules to always allow some plugins or domains only in "Smart block" mode. Custom rules will be ordered by high priority. First matching rule will be applied.
 …
 All pages with WP_HTTP requests are recorded. Slow pages without any WP_HTTP requests are not recorded.
+= Which remote requests are not detected? =
+This plugin detects only requests made using [WP_HTTP](https://developer.wordpress.org/reference/classes/wp_http/) class defined by WordPress. It is preferred way of doing remote requests. WordPress core and most plugins/themes use it.
+Plugin will not detect requests made using other classes and functions. For example remote requests made with WordPress class [WP_Http_Curl](https://developer.wordpress.org/reference/classes/wp_http_curl/) (deprecated starting from WordPress version 6.4) or PHP functions like curl_exec, fsockopen, file_get_contents are not detected by this plugin.  Because they do not have hooks similar to WordPress to manage requests before making them.
+Unfortunately when plugin/theme uses other functions (not WP_HTTP class) they will not be detected by this plugin.
+= How much performance improvement can be gained? =
+Performance gain on pages with WP_HTTP requests can be up to 5x. It all depends on which blocking method used and how heavyly remote requests are used by core and pugins.
+= Are all WordPress pages have WP_HTTP requests? =
+No. WP_HTTP requests are performed periodically or on certain action. When you check logged requests, there will be around 50-100 pages with requests per day. On website with 10k daily page views (human and bot traffic) it will make around 1% of all pages.
+= How can I feel speed improvement provided by this plugin? =
+You will most likely feel speed difference in admin area. Pages previously loading slowly or timing out regularly should load much faster.
 == Changelog ==
+= 1.3.0 - 6 May 2024 =
+* Added: priority loading mode using MU plugin feature. Plugin will load as Must-Use plugin before other plugins for catching as many requests as possible.
+* Added: Prevent requests initiated by do_enclose function after adding/updating post with images and links. Every time when post saved all links inside post will be requested for checking their file type. For example post with 20 links and 10 images will make 30 requests to check file type for each URL. Only audio and video URLs are saved as enclosure. Other requests are not used and wastes server resources. This request prevention will eliminate tens of requests to non audio/video URLs. When enabled related cron request for post with 30 URLs will finish in 1 second instead of 30 seconds.
+* Added: Log prevented requests for better understanding what is changed after enabling some blocking mode. Previously prevented self pings and do_enclose requests were not logged.
+* Added: Calls from xmlrpc.php file are moved to new page group called "xmlrpc" from previous "frontend".
+* Added: Summary card showing average performance improvement occurred due to blocking some remote API/HTTP requests.
+* Fixed: increased request timeout from 1 second to 2 seconds for allowing enough time to complete CURL calls made to HTTPS servers.
+* Fixed: responses to non streaming requests will be grouped as "success" instead of "error".
 = 1.2.4 - 12 February 2024 =
 *  Fixed: prevent calling is_user_logged_in function when it is not declared.
+* Fixed: prevent calling is_user_logged_in function when it is not declared.
 = 1.2.3 - 30 November 2023 =
 *  Fixed: Domain select box population when adding new Custom Rule.
+* Fixed: Domain select box population when adding new Custom Rule.
 = 1.2.2 - 29 November 2023 =
 *  Fixed: Variable name typo inside get_arr_val function.
+* Fixed: Variable name typo inside get_arr_val function.
 = 1.2.1 - 29 November 2023 =
  *  Fixed: Incorrect links in options page.
+* Fixed: Incorrect links in options page.
 = 1.2.0 - 28 November 2023 =
  *  Added: Separate tabs for log, settings, more tools
  *  Added: Group request logs by URL, domain, page, page type, plugin, response status etc. Better for viewing important information.
  *  Added: Custom rules to block/allow by all/domain/plugin in everywhere/admin/frontend/ajax/cron/rest_api/login. Maximum 10 custom rules can be added. Custom rules apply only in smart block mode.
  *  Added: Option to disable logging. Old logs can be viewed. Plugin will work a bit faster when logging disabled.
  *  Added: Disable self ping (only when blocking in "smart block+" mode). Self ping sends pings to images and links on same domain. Post with 20+ links and images will take 10+ seconds to send self pings.
  *  Added: Disable auto update check on admin page in "smart block+" mode. _maybe_update_core, _maybe_update_themes, _maybe_update_plugins slows down admin pages up to 5+ seconds on first visit after 12 hours and can even timeout. Update checks via cron is not effected.
  *  Fixed: Undefined array key "file" error
  *  Update: Store last 1k records
+* Added: Separate tabs for log, settings, more tools
+* Added: Group request logs by URL, domain, page, page type, plugin, response status etc. Better for viewing important information.
+* Added: Custom rules to block/allow by all/domain/plugin in everywhere/admin/frontend/ajax/cron/rest_api/login. Maximum 10 custom rules can be added. Custom rules apply only in smart block mode.
+* Added: Option to disable logging. Old logs can be viewed. Plugin will work a bit faster when logging disabled.
+* Added: Disable self ping (only when blocking in "smart block+" mode). Self ping sends pings to images and links on same domain. Post with 20+ links and images will take 10+ seconds to send self pings.
+* Added: Disable auto update check on admin page in "smart block+" mode. _maybe_update_core, _maybe_update_themes, _maybe_update_plugins slows down admin pages up to 5+ seconds on first visit after 12 hours and can even timeout. Update checks via cron is not effected.
+* Fixed: Undefined array key "file" error
+* Update: Store last 1k records
 = 1.1.0 - 12 June 2023 =

http-requests-manager/tags/1.3.0/templates/page-settings.php

-                      r3003727
+                      r3081974
                                 — <a href="#help"><?php echo __('Which one to choose?', 'http-requests-manager'); ?></a>
                             </p>
+                        </td>
+                    </tr>
+                    <tr>
+                        <th scope="row"><label><?php _e('Load before other plugins', 'http-requests-manager'); ?></label></th>
+                        <td>
+                            <input type="checkbox" name="load_must_use" value="1" id="load_must_use" <?php echo (HTTP_Requests_Manager::get_option('load_must_use') ? ' checked="checked"' : '') ?> />
+                            <label for="load_must_use">Enable priority loading with Must-Use plugin feature.</label>
                         </td>
                     </tr>
 …
                             <li><?php _e('Page processing time exceeded 3 seconds.', 'http-requests-manager'); ?></li>
                             <li><?php _e('Number of request for single page reached 3.', 'http-requests-manager'); ?></li>
                             <li><?php _e('Sets timeout for each request (except file downloads) to 1 second.', 'http-requests-manager'); ?></li>
+                            <li><?php _e('Sets timeout for each request (except file downloads) to 2 second.', 'http-requests-manager'); ?></li>
                             <li><?php _e('Sets number of redirects for request to 1.', 'http-requests-manager'); ?></li>
                             <li><?php _e('Apply custom rules for "Smart block" defined in settings.', 'http-requests-manager'); ?></li>
+                            <li><?php _e('Prevent some built in requests: happy browser, maybe update, self pings.', 'http-requests-manager'); ?></li>
+                            <li><?php _e('Prevent some built in requests: happy browser, maybe update, self pings, do_enclose.', 'http-requests-manager'); ?></li>
+                            <li><?php _e('Skip some limitations listed above for: file downloads (plugin, theme, other), requests inside cron jobs.', 'http-requests-manager'); ?></li>
                         </ol>
                     </li>

http-requests-manager/trunk/assets/js/admin.js

-                      r3003727
+                      r3081974
                 status = 'blocked';
+            }
+            else if (row.status_code == '200')
+            {
+            else if (row.status_code == '200' || !request_args.blocking)
+            {
                 status = 'success';
+            }
 …
                 stats.req_type_summary = VPHRM.summarize_data(stats.req_types, 0);
                 stats.req_source_summary = VPHRM.summarize_data(stats.req_sources, 10);
+                stats.num_allowed = stats.requests - stats.num_blocked;
+                stats.num_performance = stats.num_allowed ? (stats.requests / stats.num_allowed).toFixed(1) * 1 : 10;
                 stats.message = [
+                    '<span class="vphrm-card" title="' + (stats.num_blocked ? stats.num_performance + '×' : '-') + ' performance improvement">'
+                            + '<span class="vphrm-card-val">'
+                            + (stats.num_blocked ? stats.num_performance + '×' : '-')
+                            + '</span>'
+                            + '<span class="vphrm-card-name">'
+                            + 'Performance imp.'
+                            + '</span>'
+                            + '</span>',
                     '<span class="vphrm-card" title="' + stats.num_blocked + ' requests blocked out of ' + stats.requests + "\nRequest sources:\n" + stats.req_source_summary + '">'
                             + '<span class="vphrm-card-val">'
 …
         };
+        VPHRM.change_load_must_use = function ()
+        {
+            var $me = $(this);
+            var checked = $me.is(':checked');
+            $me.attr('disabled', 'disabled');
+            $.post(ajaxurl, {
+                'action': 'vphrm_load_must_use',
+                '_wpnonce': VPHRM.nonce,
+                'load_must_use': checked ? 1 : 0
+            }, function (data)
+            {
+                if (data.status == 'ok')
+                {
+                    // saved
+                }
+                else
+                {
+                    // data error
+                    alert(data.message);
+                    // revert to old cheched/unchecked state
+                    $me.prop('checked', !checked);
+                }
+            }, 'json')
+                    .fail(function (jqXHR, textStatus, error)
+                    {
+                        console.log(VPHRM.message_save_error + ": " + error);
+                        alert(VPHRM.message_save_error + ": " + error);
+                        // revert to old cheched/unchecked state
+                        $me.prop('checked', !checked);
+                    })
+                    .always(function ()
+                    {
+                        $me.removeAttr('disabled');
+                    });
+        };
         VPHRM.view_save = function ()
+        {
 …
             //
             $(document).on('change', 'input#disable_logging[type="checkbox"]', VPHRM.change_logging);
+            $(document).on('change', 'input#load_must_use[type="checkbox"]', VPHRM.change_load_must_use);
             // change view group

http-requests-manager/trunk/http-requests-manager.php

-                      r3034389
+                      r3081974
   Plugin URI:   https://veppa.com/http-requests-manager/
   Description: Limit, disable, block, log all WP HTTP requests. Limit by request count, page load time or lower timeout for each request. Speed up login and admin pages.
   Version: 1.2.4
+  Version: 1.3.0
   Author: veppa
   Author URI: https://veppa.com/
 …
  * TODO:
  *  - show 47% requests blocked in dashboard at a glance. with option to remove from there.
  *  - disable wp_get_http_headers inside do_enclose  called inside do_all_pings. it checks if links inside content has audio or video to enclose. it is slow inside cron call.
+ *
  */
 defined('ABSPATH') or exit;
 …
+{
     const VERSION = '1.2.4';
+    const VERSION = '1.3.0';
     const ID = 'http-requests-manager';
+    const TIMEOUT = 2;
     public static $instance;
 …
     private static $custom_rules_limit = 10;
     private static $page_id;
+    private static $mu_plugin_file_name = '/a-http-requests-manager.php';
     private static $requests = array();
     private static $cron_status;
 …
         'cron',
         'ajax',
+        'rest_api'
+        'rest_api',
+        'xmlrpc'
     );
 …
         add_action('init', [$this, 'init']);
-        add_action('admin_menu', [$this, 'admin_menu']);
-        add_action('admin_enqueue_scripts', [$this, 'admin_scripts']);
         add_filter('http_request_args', [$this, 'start_timer']);
         add_action('http_api_debug', [$this, 'db_capture_request'], 10, 5);
 …
         add_action('pre_get_ready_cron_jobs', [$this, 'cron_prevent_in_my_ajax']);
         add_action('shutdown', [$this, 'db_update_page']);
+        add_filter('plugin_action_links', [$this, 'plugin_action_links'], 10, 2);
+        // admin page actions only. for optimisation purpose these are used only on admin pages
+        if(is_admin())
+        {
+            add_action('admin_menu', [$this, 'admin_menu']);
+            add_action('admin_enqueue_scripts', [$this, 'admin_scripts']);
+            add_action('admin_notices', [$this, 'admin_notice_show']);
+            add_filter('plugin_action_links', [$this, 'plugin_action_links'], 10, 2);
+        }
         /* ajax actions add only in ajax page */
 …
             add_action('wp_ajax_vphrm_mode_change', [$this, 'vphrm_mode_change']);
             add_action('wp_ajax_vphrm_disable_logging', [$this, 'vphrm_disable_logging']);
+            add_action('wp_ajax_vphrm_load_must_use', [$this, 'vphrm_load_must_use']);
             add_action('wp_ajax_vphrm_save_view', [$this, 'vphrm_save_view']);
             add_action('wp_ajax_vphrm_custom_rule_save', [$this, 'vphrm_custom_rule_save']);
 …
         // plugin uninstallation. ALWAYS USE STATIC METHOD
         register_uninstall_hook(__FILE__, ['HTTP_Requests_Manager', 'db_uninstall']);
+        register_activation_hook(__FILE__, ['HTTP_Requests_Manager', 'plugin_activate']);
+        register_deactivation_hook(__FILE__, ['HTTP_Requests_Manager', 'plugin_deactivate']);
         $this->manage();
 …
     static public function current_page_is_my_ajax()
+    {
         $arr_prevent_for_actions = array(
+        $arr_my_ajax_actions = array(
             'vphrm_query'                => true,
             'vphrm_clear'                => true,
             'vphrm_disable_logging'      => true,
+            'vphrm_load_must_use'        => true,
             'vphrm_save_view'            => true,
             'vphrm_custom_rule_save'     => true,
 …
         $action = empty($_POST['action']) ? '' : sanitize_text_field($_POST['action']);
         if(wp_doing_ajax() && !empty($action) && !empty($arr_prevent_for_actions[$action]))
+        if(wp_doing_ajax() && !empty($action) && !empty($arr_my_ajax_actions[$action]))
+        {
             // ajax page with my own requet
 …
+    }
+    function admin_notice_show()
+    {
+        $screen = get_current_screen();
+        // show only on plugin page
+        //To get the exact your screen ID just do var_dump($screen)
+        if($screen->id === 'tools_page_http-requests-manager')
+        {
+            // check MU plugin and show notification if needed
+            // fix if option and MU file do not match
+            $check = self::load_must_use_check();
+            if($check['status'] === 'error')
+            {
+                // show notification
+                echo '<div class="notice notice-warning is-dismissible">'
+                . '<p>' . esc_html($check['message']) . '</p>'
+                . '</div>';
+            }
+        }
+    }
     function admin_scripts($hook)
+    {
 …
+        }
+        wp_send_json($output);
+    }
+    /**
+     * copy MU file to MU plugin folder
+     */
+    private static function load_must_use_set()
+    {
+        $src = VPHRM_DIR . self::$mu_plugin_file_name;
+        $dest = WPMU_PLUGIN_DIR . self::$mu_plugin_file_name;
+        $output = array();
+        // create mu dir
+        if(!is_dir(WPMU_PLUGIN_DIR) && !wp_mkdir_p(WPMU_PLUGIN_DIR))
+        {
+            $output['status'] = 'error';
+            $output['message'] = __('Error creating MU plugins directory.', 'http-requests-manager');
+            return $output;
+        }
+        // remove old file if exists
+        if(file_exists($dest) && !unlink($dest))
+        {
+            $output['status'] = 'error';
+            $output['message'] = __('Error deleting old MU file', 'http-requests-manager');
+            return $output;
+        }
+        // copy new MU file
+        if(!file_exists($src) || !copy($src, $dest))
+        {
+            $output['status'] = 'error';
+            $output['message'] = __('Error copying plugin file to MU plugins directory.', 'http-requests-manager');
+            return $output;
+        }
+        // file copied
+        $output['status'] = 'ok';
+        $output['message'] = __('MU plugin file set.', 'http-requests-manager');
+        return $output;
+    }
+    /**
+     * remove MU file from MU plugin folder
+     */
+    private static function load_must_use_remove()
+    {
+        $dest = WPMU_PLUGIN_DIR . self::$mu_plugin_file_name;
+        $output = array();
+        // remove old file if exists
+        if(file_exists($dest) && !unlink($dest))
+        {
+            $output['status'] = 'error';
+            $output['message'] = __('Error deleting old MU file', 'http-requests-manager');
+            return $output;
+        }
+        // file removed
+        $output['status'] = 'ok';
+        $output['message'] = __('MU file deleted.', 'http-requests-manager');
+        return $output;
+    }
+    /**
+     * check if MU file matches selected loading option
+     */
+    private static function load_must_use_check()
+    {
+        // current status of must use
+        $load_must_use_status = '';
+        if(defined('VPHRM_MODE_INIT') && VPHRM_MODE_INIT)
+        {
+            // set
+            $load_must_use_status = 'set';
+        }
+        if(defined('VPHRM_MODE') && VPHRM_MODE)
+        {
+            // loaded
+            $load_must_use_status = 'loaded';
+        }
+        // instruction
+        $instruction = __('Please update "Load before other plugins" option in "Settings" tab.', 'http-requests-manager');
+        $output = array();
+        //  check option to priority loading and add MU file
+        if(self::get_option('load_must_use'))
+        {
+            // option enabled: set must use plugin if not already set and running
+            if($load_must_use_status === 'loaded')
+            {
+                // it is set and loaded. no problem
+            }
+            elseif($load_must_use_status === 'set')
+            {
+                // it is set but not loaded probably error loading plugin. just show warning message
+                $output['status'] = 'error';
+                $output['message'] = __('"Load before other plugins" option enabled but not loaded.', 'http-requests-manager') . ' ' . $instruction;
+            }
+            else
+            {
+                // set it and check for error
+                $set = self::load_must_use_set();
+                if($set['status'] === 'error')
+                {
+                    // remove option
+                    self::update_option('load_must_use', 0);
+                    $output['status'] = 'error';
+                    $output['message'] = __('Error setting "Load before other plugins" option.', 'http-requests-manager') . ' ' . $instruction;
+                }
+            }
+        }
+        else
+        {
+            // option diabled: MU should not be used
+            if($load_must_use_status === 'set' || $load_must_use_status === 'loaded')
+            {
+                // remove MU if it exists
+                $removed = self::load_must_use_remove();
+                if($removed['status'] === 'error')
+                {
+                    $output['status'] = 'error';
+                    $output['message'] = __('"Load before other plugins" option is not disabled.', 'http-requests-manager') . ' ' . $instruction;
+                }
+            }
+        }
+        // no error then ok
+        if(empty($output))
+        {
+            $output['status'] = 'ok';
+            $output['message'] = __('"Load before other plugins" option works as expected', 'http-requests-manager');
+        }
+        return $output;
+    }
+    /**
+     * remove MU file from MU plugin folder
+     */
+    private static function load_must_use_apply()
+    {
+        //  check option to priority loading and add MU file
+        if(self::get_option('load_must_use'))
+        {
+            // set must use plugin
+            self::load_must_use_set();
+        }
+        else
+        {
+            // remove must use plugin if it exists
+            self::load_must_use_remove();
+        }
+    }
+    function vphrm_load_must_use()
+    {
+        $this->validate();
+        $load_must_use = empty($_POST['load_must_use']) ? 0 : 1;
+        // depending on $load_must_use value add or remove a-http-requests-manager.php file from mu-plugins folder
+        if($load_must_use)
+        {
+            $file_output = self::load_must_use_set();
+        }
+        else
+        {
+            $file_output = self::load_must_use_remove();
+        }
+        if($file_output['status'] === 'ok')
+        {
+            // file operation ok. save option
+            $output = array();
+            if(self::update_option('load_must_use', $load_must_use))
+            {
+                $output['status'] = 'ok';
+                $output['message'] = __('Option saved', 'http-requests-manager');
+                $output['load_must_use'] = $load_must_use;
+            }
+            else
+            {
+                $output['status'] = 'error';
+                $output['message'] = __('Error saving option. Please try again.', 'http-requests-manager');
+            }
+        }
+        else
+        {
+            // pass error message to json
+            $output = $file_output;
+        }
         wp_send_json($output);
 …
             $this->append_request_info($parsed_args, $url);
             // cron|ajax|rest_api|login|admin|frontend
+            // cron|ajax|rest_api|xmlrpc|login|admin|frontend
             $current_where = self::current_page_type();
 …
+    }
     function start_timer($args)
+    function start_timer($args = array())
+    {
         self::cp('[start] request');
 …
         add_action('plugins_loaded', ['HTTP_Requests_Manager', 'cp_hook_start'], 0);
         add_action('plugins_loaded', ['HTTP_Requests_Manager', 'cp_hook_plugins_loaded'], PHP_INT_MAX);
+        add_action('muplugins_loaded', ['HTTP_Requests_Manager', 'cp_hook_plugins_loaded'], PHP_INT_MAX);
+    }
 …
+    {
         //echo '<!-- manage_timeout ('.$time.','.$url.') -->';
         return min(1, $time);
+        return min(self::TIMEOUT, $time);
+    }
 …
+    {
         // fix request time and retries count here as well
         $default_time = 1;
         // custom timings
+        $default_time = self::TIMEOUT;
+        // custom timings. add custom timeout per url here.
         $custom_time = array(
             'api.wordpress.org/plugins/info/' => 2
+                /* 'api.wordpress.org/plugins/info/' => 2  */
         );
 …
         if(self::$request_action === 'block')
+        {
+            $response = new WP_Error('http_request_not_executed', __('User has blocked requests through HTTP. (HTTP Requests Manager plugin: ' . self::$request_action_info . ')'));
+            /** This action is documented in wp-includes/class-wp-http.php */
+            do_action('http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url);
+            return $response;
+            return $this->manage_perform_request_blocking($parsed_args, $url);
+        }
         // pass without blocking
         return $pre;
+    }
+    /**
+     * Create error response for blocked request.
+     * Initiate recording to DB by calling action http_api_debug
+     * Return response error WP_Error.
+     * Used to record and response error message.
+     *
+     * Also can be used to prevent pingbacks and enclosure checking calls without even starting any request.
+     *
+     * @param type $parsed_args
+     * @param type $url
+     * @return \WP_Error
+     */
+    function manage_perform_request_blocking($parsed_args, $url)
+    {
+        $response = new WP_Error('http_request_not_executed', __('User has blocked requests through HTTP. (HTTP Requests Manager plugin: ' . self::$request_action_info . ')'));
+        /** This action is documented in wp-includes/class-wp-http.php */
+        do_action('http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url);
+        return $response;
+    }
+    /**
+     * Capture prevented requests before initiating any WP_HTTP calls.
+     *
+     * Used in disable_self_ping() and disable_not_obvious_enclosure_links() when removing urls from initiating request.
+     *
+     * @param type $url
+     * @return type
+     */
+    function manage_perform_request_blocking_by_url($url, $info = '')
+    {
+        $this->start_timer();
+        self::$request_action = 'block';
+        self::$request_action_info = 'prevented';
+        if(!empty($info))
+        {
+            self::$request_action_info .= ' ' . $info;
+        }
+        return $this->manage_perform_request_blocking(array(), $url);
+    }
 …
+            }
             self::$page_info['manager_mode'] = self::get_mode();
             self::$page_info['timer_before'] = self::$timer_before;
+        }
         // is_user_logged_in() is pluggable function and will be loaded before init event. use it only if it is already loaded.
         if(!isset(self::$page_info['is_user_logged_in']) && function_exists('is_user_logged_in'))
 …
             self::$page_info['is_user_logged_in'] = is_user_logged_in();
+        }
         // updated data
 …
     /**
      * Return current page type.
+     *
+     * @return string cron|ajax|rest_api|login|admin|frontend
+     * Id adding new page type update self::$page_types array with new page type group
+     *
+     * @return string cron|ajax|rest_api|xmlrpc|login|admin|frontend
      */
     static public function current_page_type()
 …
+            {
                 $return = 'rest_api';
+            }
+            if(is_null($return) && (defined('XMLRPC_REQUEST') && XMLRPC_REQUEST ))
+            {
+                $return = 'xmlrpc';
+            }
 …
         // disable self ping. disable ping to internal images and urls when publishing post. useless and takes long for page with 20+ internal links/images
         add_action('pre_ping', [$this, 'disable_self_ping']);
+        // prevent enclosure requests to non video/music files
+        add_filter('enclosure_links', [$this, 'disable_not_obvious_enclosure_links'], 10, 2);
         // disable maybe update checks in admin
 …
     /**
+     * disable non audio/video enclosure links
+     *
+     * @param type $post_links
+     * @param type $post_id
+     * @return type
+     */
+    function disable_not_obvious_enclosure_links($post_links, $post_id)
+    {
+        $post_links_new = array();
+        // allow only mp3, mp4 urls
+        if($post_links)
+        {
+            // enclosures can be audio or video. keep them.
+            // use only: ext -> audio/video mime types
+            $mime_types = wp_get_mime_types();
+            $mime_types_allowed = array();
+            foreach($mime_types as $exts => $mime)
+            {
+                if(strpos($mime, 'audio/') === 0 || strpos($mime, 'video/') === 0)
+                {
+                    $mime_types_allowed[$exts] = $mime;
+                }
+            }
+            // make unique post links
+            $post_links_unique = array();
+            foreach($post_links as $url)
+            {
+                $url = strip_fragment_from_url($url);
+                $post_links_unique[$url] = true;
+            }
+            $post_links = array_keys($post_links_unique);
+            unset($post_links_unique);
+            // check extension of url and keep mp3,mp4 urls only. other types are not enclosed anyway.
+            foreach($post_links as $url)
+            {
+                // check if it is not already added
+                if(!isset($post_links_new[$url]))
+                {
+                    $url_parts = parse_url($url);
+                    if(false !== $url_parts && !empty($url_parts['path']))
+                    {
+                        $extension = pathinfo($url_parts['path'], PATHINFO_EXTENSION);
+                        if(!empty($extension))
+                        {
+                            foreach($mime_types_allowed as $exts => $mime)
+                            {
+                                if(preg_match('!^(' . $exts . ')$!i', $extension))
+                                {
+                                    // allowed extension. can be enclosed
+                                    $post_links_new[$url] = true;
+                                    break;
+                                }
+                            }
+                        }
+                    }
+                }
+                // record as prevented request if not enclosable
+                if(!isset($post_links_new[$url]))
+                {
+                    $this->manage_perform_request_blocking_by_url($url, 'enclosure_links');
+                }
+            }
+        }
+        // return unique urls
+        return array_keys($post_links_new);
+    }
+    /**
      *  add settings link to plugin listing
      */
 …
+        }
         return $links;
+    }
+    /**
+     *  remove some features on deactivation
+     */
+    public static function plugin_deactivate()
+    {
+        //  remove MU Must-Use plugin file if exists
+        self::load_must_use_remove();
+    }
+    /**
+     *  perform on plugin activation
+     */
+    public static function plugin_activate()
+    {
+        self::load_must_use_apply();
+    }
 …
                 // unset later because unsetting here will skip some links as array size changes inside this loop.
                 // unset($links[$l]);
+                $this->manage_perform_request_blocking_by_url($link, 'pre_ping');
+            }
+        }

http-requests-manager/trunk/readme.txt

-                      r3034389
+                      r3081974
 Requires at least: 4.9
 Tested up to: 6.4
 Stable tag: 1.2.4
+Stable tag: 1.3.0
 License: GPLv2
 …
 == Description ==
 = Prevent WP HTTP request to slow down your WordPress website and admin interface =
+= Prevent WP HTTP requests from slowing down your WordPress website and admin interface =
 Do you have a slow WordPress admin that takes longer than usual to load? Sometime longer than 5 seconds to load admin or login pages. In rare occasions WordPress may even timeout and show 504 page.
 Reason may be slow external WP_HTTP requests. [HTTP Requests Manager plugin](https://veppa.com/http-requests-manager/) will log all WP HTTP requests with time taken to complete each request. If there are multiple request per page they will be color grouped.
 Plugin tested  with PHP version 5.6, 7.x and up to 8.2.
+Reason may be slow external WP_HTTP requests. [HTTP Requests Manager plugin](https://veppa.com/http-requests-manager/) will log all WP HTTP requests with time taken to complete for each request. If there are multiple requests per page they will be color grouped.
+Plugin tested with PHP version 5.6, 7.x and up to 8.3.
 = Do not confuse WP_HTTP request with HTML requests that loads page assets like js, css, image, font =
 …
 Plugin will not detect any requests made by other WordPress classes like WP_Http_Curl or PHP functions like curl_exec, fsockopen, file_get_contents etc.
 Do not confuse it with HTML requests (loading assets like css, js, image) done by HTML page.  WP_Http requests are performed only inside PHP files and not visible in web browser.
+Do not confuse it with HTML requests (loading assets like css, js, image) done by HTML page. WP_Http requests are performed only inside PHP files and not visible in web browser.
 [Learn more about difference between WP_Http requests and HTML requests](https://veppa.com/http-requests-manager/#what_is_detected_with_http_requests_manager)
 = How plugin prevents slow pages containing WP_HTTP requests?  =
+= How plugin prevents slow pages containing WP_HTTP requests? =
 Plugin helps to prevent website slowdown by:
 * Sets request timeout period to 1 second. Where default is 5.
+* Sets request timeout period to 2 second. Where default is 5.
 * Limit number of request per page by 3. Default is unlimited.
 * Limit WP HTTP request if page load time is longer than 3 seconds. Default is unlimited.
 …
 . Page processing time exceeded 3 seconds.
 . Number of request for single page reached 3.
 . Sets timeout for each request to 1 second.
+. Sets timeout for each request to 2 second.
 . Sets number of redirects for request to 1.
 . Apply custom rules for "Smart block" defined in settings.
 . Prevent some built in requests: happy browser, maybe update, self pings.
 . Skip limitations listed above for: file downloads (plugin, theme, other), requests inside cron jobs.
+. Prevent some built in requests: happy browser, maybe update, self pings, do_enclose.
+. Skip some limitations listed above for: file downloads (plugin, theme, other), requests inside cron jobs.
 - **Block external requests** — all requests not matching your current domain will be blocked. No updates for WordPress core, plugins and themes. (+ Smart block features.)
 - **Block external requests (allow WordPress.org only)** — all requests not matching your current domain and wordpress.org will be blocked. Allows updates for WordPress core, plugins and themes coming from wordpress.org website. (+ Smart block features.)
 …
 After using plugin for some time and knowing which requests are performed you can disable logging. Operation mode will remain unchanged. Request blocking will remain in tact. No new logs will be recorded. You can analyze old logs, they will not be deleted.
+= Load before other plugins  =
+In order to catch more requests you can enable "Load before other plugins" option. It uses Must-Use plugin feature and load before other regular plugins. This way you will make sure to detect all WP_HTTP requests by other plugins.
 = Custom rules for "Smart Block" mode =
 …
 = Features =
+* View performance improvement of your WordPress website due to blocking some remote HTTP requests.
 * View blocked requests by this plugin. Show reason why it was blocked.
 * View failed requests with error message.
 * View what initiated HTTP request: WordPress core, plugin or theme.
 * View on which page request was made. Also view page type is frontend, admin, login, cron, ajax or rest_api.
+* View on which page request was made. Also view page type is frontend, admin, login, cron, ajax, xmlrpc or rest_api.
 * View list of other requests made on same page view.
 * View sent and received data.
 …
 == Screenshots ==
+. Screenshot shows latest HTTP requests and reason why they are blocked. Also summary show at the top with total percentage of blocked requests (63% in current view). Hosts card shows that there are 7 different hosts were requests sent. When you hover over card tooltip will show breakdown of hosts in percentage. We can see that 73% or requests were made to api.wordpress.org website. Also we can see that plugins actively using external requests to load data and some promotions from their servers.
+. WP_HTTP request and response data. Popup opens when you click on request from table. Page and request times shows as well.
+. Blocked request due to page time exceeding 3 seconds. Additional information regarding page shown with currently active manager mode.
+. Check point shows how plugins and requests effect page time and memory usage.
+. Group requests to simplify report. You can group by request domain, page type, initiator, response status etc. Bar colors will visually indicate requests by response status as blocked orange, success green, error red.
+. Requests grouped by initiator core / theme / plugin. Clicking on group will reveal requests inside that group.
+. Settings page to select operation mode, disable logging and adding custom rules. Settings will be saved each time when you change any option.
+. Select operation mode to fit your need. Only blocking modes will speed up WordPress admin pages. Be aware that blocking modes may break functionality of some plugins that rely on external API requests.
+. Define custom rules to always allow some plugins or domains only in "Smart block" mode. Custom rules will be ordered by high priority. First matching rule will be applied.
+. Screenshot shows latest HTTP requests and reason why they are blocked. Summary cards at the top show total percentage of blocked requests (54% in current view). You can also see estimated performance improvement 2.2x because of blocking some remote requests. Hosts card shows that there are 3 different hosts were requests sent. When you hover over card tooltip will show breakdown of hosts in percentage. We can see that 31% or requests were made to api.wordpress.org website. Also we can see that plugins actively using external requests to load data and some promotions from their servers.
+. When Smart Block enabled total page generation time will be limited to 3 seconds. Page with 10 requests, will improve from 11-12 seconds to 3 seconds, regardless of web hosting resources.
+. WP_HTTP request and response data. Popup opens when you click on request from table. Page and request times shows as well.
+. Blocked request due to page time exceeding 3 seconds. Additional information regarding page shown with currently active manager mode.
+. Check point shows how plugins and requests effect page time and memory usage.
+. Group requests to simplify report. You can group by request domain, page type, initiator, response status etc. Bar colors will visually indicate requests by response status as blocked orange, success green, error red.
+. Requests grouped by initiator core / theme / plugin. Clicking on group will reveal requests inside that group.
+. Settings page to select operation mode, disable logging and adding custom rules. Settings will be saved each time when you change any option.
+. Select operation mode to fit your need. Only blocking modes will speed up WordPress admin pages. Be aware that blocking modes may break functionality of some plugins that rely on external API requests.
+. Define custom rules to always allow some plugins or domains only in "Smart block" mode. Custom rules will be ordered by high priority. First matching rule will be applied.
 …
 All pages with WP_HTTP requests are recorded. Slow pages without any WP_HTTP requests are not recorded.
+= Which remote requests are not detected? =
+This plugin detects only requests made using [WP_HTTP](https://developer.wordpress.org/reference/classes/wp_http/) class defined by WordPress. It is preferred way of doing remote requests. WordPress core and most plugins/themes use it.
+Plugin will not detect requests made using other classes and functions. For example remote requests made with WordPress class [WP_Http_Curl](https://developer.wordpress.org/reference/classes/wp_http_curl/) (deprecated starting from WordPress version 6.4) or PHP functions like curl_exec, fsockopen, file_get_contents are not detected by this plugin.  Because they do not have hooks similar to WordPress to manage requests before making them.
+Unfortunately when plugin/theme uses other functions (not WP_HTTP class) they will not be detected by this plugin.
+= How much performance improvement can be gained? =
+Performance gain on pages with WP_HTTP requests can be up to 5x. It all depends on which blocking method used and how heavyly remote requests are used by core and pugins.
+= Are all WordPress pages have WP_HTTP requests? =
+No. WP_HTTP requests are performed periodically or on certain action. When you check logged requests, there will be around 50-100 pages with requests per day. On website with 10k daily page views (human and bot traffic) it will make around 1% of all pages.
+= How can I feel speed improvement provided by this plugin? =
+You will most likely feel speed difference in admin area. Pages previously loading slowly or timing out regularly should load much faster.
 == Changelog ==
+= 1.3.0 - 6 May 2024 =
+* Added: priority loading mode using MU plugin feature. Plugin will load as Must-Use plugin before other plugins for catching as many requests as possible.
+* Added: Prevent requests initiated by do_enclose function after adding/updating post with images and links. Every time when post saved all links inside post will be requested for checking their file type. For example post with 20 links and 10 images will make 30 requests to check file type for each URL. Only audio and video URLs are saved as enclosure. Other requests are not used and wastes server resources. This request prevention will eliminate tens of requests to non audio/video URLs. When enabled related cron request for post with 30 URLs will finish in 1 second instead of 30 seconds.
+* Added: Log prevented requests for better understanding what is changed after enabling some blocking mode. Previously prevented self pings and do_enclose requests were not logged.
+* Added: Calls from xmlrpc.php file are moved to new page group called "xmlrpc" from previous "frontend".
+* Added: Summary card showing average performance improvement occurred due to blocking some remote API/HTTP requests.
+* Fixed: increased request timeout from 1 second to 2 seconds for allowing enough time to complete CURL calls made to HTTPS servers.
+* Fixed: responses to non streaming requests will be grouped as "success" instead of "error".
 = 1.2.4 - 12 February 2024 =
 *  Fixed: prevent calling is_user_logged_in function when it is not declared.
+* Fixed: prevent calling is_user_logged_in function when it is not declared.
 = 1.2.3 - 30 November 2023 =
 *  Fixed: Domain select box population when adding new Custom Rule.
+* Fixed: Domain select box population when adding new Custom Rule.
 = 1.2.2 - 29 November 2023 =
 *  Fixed: Variable name typo inside get_arr_val function.
+* Fixed: Variable name typo inside get_arr_val function.
 = 1.2.1 - 29 November 2023 =
  *  Fixed: Incorrect links in options page.
+* Fixed: Incorrect links in options page.
 = 1.2.0 - 28 November 2023 =
  *  Added: Separate tabs for log, settings, more tools
  *  Added: Group request logs by URL, domain, page, page type, plugin, response status etc. Better for viewing important information.
  *  Added: Custom rules to block/allow by all/domain/plugin in everywhere/admin/frontend/ajax/cron/rest_api/login. Maximum 10 custom rules can be added. Custom rules apply only in smart block mode.
  *  Added: Option to disable logging. Old logs can be viewed. Plugin will work a bit faster when logging disabled.
  *  Added: Disable self ping (only when blocking in "smart block+" mode). Self ping sends pings to images and links on same domain. Post with 20+ links and images will take 10+ seconds to send self pings.
  *  Added: Disable auto update check on admin page in "smart block+" mode. _maybe_update_core, _maybe_update_themes, _maybe_update_plugins slows down admin pages up to 5+ seconds on first visit after 12 hours and can even timeout. Update checks via cron is not effected.
  *  Fixed: Undefined array key "file" error
  *  Update: Store last 1k records
+* Added: Separate tabs for log, settings, more tools
+* Added: Group request logs by URL, domain, page, page type, plugin, response status etc. Better for viewing important information.
+* Added: Custom rules to block/allow by all/domain/plugin in everywhere/admin/frontend/ajax/cron/rest_api/login. Maximum 10 custom rules can be added. Custom rules apply only in smart block mode.
+* Added: Option to disable logging. Old logs can be viewed. Plugin will work a bit faster when logging disabled.
+* Added: Disable self ping (only when blocking in "smart block+" mode). Self ping sends pings to images and links on same domain. Post with 20+ links and images will take 10+ seconds to send self pings.
+* Added: Disable auto update check on admin page in "smart block+" mode. _maybe_update_core, _maybe_update_themes, _maybe_update_plugins slows down admin pages up to 5+ seconds on first visit after 12 hours and can even timeout. Update checks via cron is not effected.
+* Fixed: Undefined array key "file" error
+* Update: Store last 1k records
 = 1.1.0 - 12 June 2023 =

http-requests-manager/trunk/templates/page-settings.php

-                      r3003727
+                      r3081974
                                 — <a href="#help"><?php echo __('Which one to choose?', 'http-requests-manager'); ?></a>
                             </p>
+                        </td>
+                    </tr>
+                    <tr>
+                        <th scope="row"><label><?php _e('Load before other plugins', 'http-requests-manager'); ?></label></th>
+                        <td>
+                            <input type="checkbox" name="load_must_use" value="1" id="load_must_use" <?php echo (HTTP_Requests_Manager::get_option('load_must_use') ? ' checked="checked"' : '') ?> />
+                            <label for="load_must_use">Enable priority loading with Must-Use plugin feature.</label>
                         </td>
                     </tr>
 …
                             <li><?php _e('Page processing time exceeded 3 seconds.', 'http-requests-manager'); ?></li>
                             <li><?php _e('Number of request for single page reached 3.', 'http-requests-manager'); ?></li>
                             <li><?php _e('Sets timeout for each request (except file downloads) to 1 second.', 'http-requests-manager'); ?></li>
+                            <li><?php _e('Sets timeout for each request (except file downloads) to 2 second.', 'http-requests-manager'); ?></li>
                             <li><?php _e('Sets number of redirects for request to 1.', 'http-requests-manager'); ?></li>
                             <li><?php _e('Apply custom rules for "Smart block" defined in settings.', 'http-requests-manager'); ?></li>
+                            <li><?php _e('Prevent some built in requests: happy browser, maybe update, self pings.', 'http-requests-manager'); ?></li>
+                            <li><?php _e('Prevent some built in requests: happy browser, maybe update, self pings, do_enclose.', 'http-requests-manager'); ?></li>
+                            <li><?php _e('Skip some limitations listed above for: file downloads (plugin, theme, other), requests inside cron jobs.', 'http-requests-manager'); ?></li>
                         </ol>
                     </li>

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory