BlackSwan | Block External Request

BlackSwan Block External Request gives you granular control over every outgoing connection your WordPress site makes — both server-side PHP requests and browser-loaded JS/CSS resources. WordPress, plugins, and themes constantly send background HTTP requests: update checks, license pings, analytics, font downloads, CDN calls, and more. On slow servers or restricted hosting environments, these requests can add seconds to every admin page load. This plugin lets you block what you don't need and keep what you do. What it does Server-side HTTP Blocking (PHP) Intercepts outgoing wp_remote_get / wp_remote_post calls via the pre_http_request filter. Add domains to the blacklist and they'll be blocked before the request is even made. Whitelist specific URL patterns to let essential requests through (e.g. plugin update API). Browser-side Resource Blocking (JS/CSS by Domain) Deregisters enqueued JavaScript and CSS files loaded from blacklisted external domains. Toggle separately for admin panel and public frontend. Your own site's assets are never touched. Block Specific Resources (by URL) Block individual JS or CSS files by full URL, partial path, or even just a filename — works for both local and external resources. Per-item backend/frontend toggle. Perfect for removing unwanted plugin assets without editing code. Features

• Blacklist & whitelist with inline edit, delete, and delete-all
• Block external JS/CSS by domain (backend, frontend, or both)
• Block specific resources by URL pattern (local or external)
• One-click pause/resume — instantly disable all blocking
• Safe mode via ?bswan-safe=1 — emergency bypass for any admin page
• Settings page auto-bypasses resource blocking so you never lock yourself out
• Export/import all settings as a single JSON file
• AJAX-powered save — no page reloads
• Query Monitor integration — detect, activate, or install from settings
• All settings stored as a single JSON option with autoload=no for performance
• Fully standalone — zero external dependencies (inline Lucide SVG icons)
• Modern liquid glass UI with dot-grid background
• WordPress native postbox layout with collapsible sections
• Translation-ready with full text domain support

Who is this for?

• Sites on slow or restricted hosting where external calls cause timeouts
• Developers debugging performance issues
• Agencies managing client sites that don't need update checks
• Anyone who wants a faster wp-admin experience

Developer Hooks Two filters are available for developers to customize blocking behavior programmatically. These run on every page load and merge with the values from the settings page. BlackSwan\block_external_request\block_url_list Filter the array of blocked domain strings. Each entry is matched via strpos() against the full request URL. add_filter( 'BlackSwan\block_external_request\block_url_list', function( $domains ) { $domains[] = 'analytics.example.com'; return $domains; }); BlackSwan\block_external_request\whitelist_urls Filter the array of whitelisted URL patterns. If a blocked URL also matches a whitelist pattern (via strpos()), the request is allowed through. add_filter( 'BlackSwan\block_external_request\whitelist_urls', function( $patterns ) { $patterns[] = '//api.example.com/v2/license'; return $patterns; }); Whitelist patterns take priority over blacklist domains. Both filters accept and return a flat array of strings. Links

• Developer — AmirhpCom
• BlackSwan
• Plugin GitHub Page
• Rate 5-Star
• Support & Issues

1. Upload the blackswan-block-external-request folder to /wp-content/plugins/
2. Activate the plugin through the Plugins menu in WordPress
3. Go to Settings → Block External Request to configure

Or install directly from WordPress:

1. Go to Plugins → Add New
2. Search for "BlackSwan Block External Request"
3. Click Install Now, then Activate

The plugin comes pre-configured with a sensible default blacklist and whitelist. You can customize everything from the settings page.

2.6.2

• Added pre-defined list of common analytics/tracking domains to the default blacklist (e.g. Google Analytics, Hotjar, Matomo etc.)
• Added pre-defined list of common Iranian payment gateway domains to the default blacklist (e.g. Zarinpal, Pay.ir, IDPay etc.)
• DEV: Added BlackSwan\block_external_request\blocked_resources filter to allow programmatic blocking of specific JS/CSS resources by URL pattern

2.6.0

• New: Modern liquid glass UI with frosted postboxes and dot-grid background
• New: Inline Lucide SVG icons — fully standalone, zero external dependencies
• New: Status badge with animated icons (activity pulse for active, circle-pause for paused)
• New: Query Monitor three-state detection (active / installed but inactive / not installed)
• New: One-click activate button for Query Monitor when installed but not active
• Improved: Gradient badges and softer visual language throughout
• Improved: All buttons use consistent flex layout with icon + text

2.5.0

• New: Replaced all WordPress dashicons with inline Lucide SVGs
• New: Plugin is now fully standalone — no external CSS, fonts, or icon libraries
• New: SVG icon helper method with 20+ icons for consistent rendering
• Improved: JS-rendered table rows use PHP-generated SVG strings for icons

2.4.0

• New: Query Monitor integration — detect active, installed, or missing; one-click activate/install
• Fixed: Three-state QM detection (active vs installed-but-inactive vs not-installed)
• Improved: Activate link uses proper wp_nonce_url for one-click activation

2.3.1

• Fixed: Postbox headers now use proper WordPress core markup (postbox-header, handle-actions, handlediv)
• Fixed: Native collapsible postbox behavior via postboxes.add_postbox_toggles(pagenow)
• Removed: Custom postbox toggle CSS and JavaScript — WordPress core handles it all

2.3.0

• New: Safe mode — add ?bswan-safe=1 to any admin URL to bypass all blocking
• New: Settings page automatically skips resource dequeuing (not full safe mode)
• New: Safe Mode sidebar metabox with direct link and usage tips
• New: Collapsible postboxes for main content sections
• Improved: Clear separation between safe mode (full bypass) and settings page (resource-only bypass)

2.2.0

• New: Block Specific Resources section — block individual JS/CSS by full URL, partial path, or filename
• New: Per-item backend/frontend checkboxes for specific resource blocking
• New: WordPress post-editor style two-column layout with sidebar metaboxes
• New: Sidebar metaboxes for Save/Pause, Tools, Export/Import, and Disclaimer
• New: Global export/import — single JSON file for all settings
• Removed: Individual per-list export/import buttons
• Fixed: Blocked resources checkbox state now persists correctly after save (boolean → integer serialization)

2.1.0

• New: Browser-side resource blocking — dequeue external JS/CSS from blacklisted domains
• New: Separate toggles for admin panel and public frontend
• New: Resource blocking respects whitelist patterns
• Improved: Settings auto-migrate on upgrade with safe defaults

2.0.0

• Complete rewrite with settings page
• New: Visual blacklist/whitelist management with inline edit, delete, delete-all
• New: AJAX-powered save — no page reloads
• New: Temporary pause button to disable all blocking without losing rules
• New: JSON export/import for blacklist and whitelist
• New: Query Monitor install link
• New: Disclaimer notice
• New: Settings stored as single JSON option with autoload=no
• New: Settings link on plugins list page
• New: Default blacklist and whitelist seeded on first activation

1.1.0

• Added whitelist support — allow specific URL patterns through the blacklist
• Added BlackSwan\block_external_request\whitelist_urls filter
• Default whitelist includes WordPress plugin API and download URLs

1.0.0

• Initial release
• Block external HTTP requests by domain via pre_http_request filter
• Predefined blacklist of common domains
• Filter hook BlackSwan\block_external_request\block_url_list for customization