Outgoing Requests

DebugHawk monitors outgoing HTTP requests made by WordPress during page generation. This includes server-side API calls, license checks, and update checks. JavaScript requests made in the browser are not currently tracked.

Impact on Performance

External requests can directly affect page load times. DebugHawk captures the complete request lifecycle, showing you exactly which components are making requests, how long they take, and whether they succeed or fail.

Non-Blocking Requests

Some requests are designed to be non-blocking, meaning WordPress doesn't wait for a response before continuing page generation. These requests typically are used for:

  • WP-Cron triggers: Initiating scheduled tasks without delaying page loads
  • Background job queues: Starting asynchronous processing tasks

Non-blocking requests are generally harmless to performance since they don't delay page rendering.

Key Metrics

  • Method: HTTP method used (GET, POST, etc.)
  • URL: Full endpoint URL being requested
  • Status: HTTP response status code (200, 404, 500, etc.)
  • Duration: Time taken for the request to complete
  • Component: WordPress component (core, plugin, theme) making the request
  • Location: The PHP file and line number where the request originated
  • When: Timestamp of when the request occurred

Understanding Normal WordPress Behavior

Essential WordPress Requests

WordPress automatically checks for core, plugin, and theme updates. You'll see these outgoing requests regularly:

  • Core Updates: api.wordpress.org/core/version-check/1.7/
  • Plugin Updates: api.wordpress.org/plugins/update-check/1.1/
  • Theme Updates: api.wordpress.org/themes/update-check/1.1/

These requests occur twice daily through WP-Cron, when you visit certain admin pages, and during manual update checks. This is healthy behavior that keeps your site updated and secure.

Other Common Requests

Many popular plugins and themes make regular external requests. This is especially true of premium plugins and themes since they can't use WordPress.org's update system and need to verify licenses directly.

Here are some popular plugins and their typical requests:

  • Elementor Pro: my.elementor.com/api/v2/pro/info
  • Kadence Blocks: licensing.stellarwp.com/api/plugins/v2/license/validate/

The frequency varies by product, but most check daily or when you visit specific admin pages.

Identifying Problematic Requests

External requests become problematic when they occur too frequently or in the wrong context:

  • License checks on public pages: Premium plugins should validate licenses only in admin areas, not during visitor page loads
  • Uncached admin requests: License validation and update checks running on every admin page instead of caching results for 12-24 hours
  • Excessive update checks: Plugins checking for updates more frequently than WordPress core's twice-daily schedule
  • Duplicate requests: Same endpoint called multiple times per page load, indicating missing request caching
  • Suspicious domains: Requests to unknown domains could indicate tracking or malicious intent