Using WordPress ‘ms_allowed_http_request_hosts()’ PHP function

The ms_allowed_http_request_hosts() WordPress PHP function adds any domain in a multisite installation for safe HTTP requests to the allowed list.

Usage

ms_allowed_http_request_hosts($is_external, $host);

Parameters

  • $is_external (bool): Indicates whether the request is external or not.
  • $host (string): The domain/host for which you want to allow safe HTTP requests.

More information

See WordPress Developer Resources: ms_allowed_http_request_hosts

Examples

Allow an external host for HTTP requests

// Allow example.com as an external host
add_filter('http_request_host_is_external', 'allow_example_host', 10, 2);
function allow_example_host($is_external, $host) {
  if ('example.com' === $host) {
    return true;
  }
  return $is_external;
}

Allow multiple external hosts for HTTP requests

// Allow example.com and example2.com as external hosts
add_filter('http_request_host_is_external', 'allow_multiple_hosts', 10, 2);
function allow_multiple_hosts($is_external, $host) {
  $allowed_hosts = ['example.com', 'example2.com'];
  if (in_array($host, $allowed_hosts)) {
    return true;
  }
  return $is_external;
}

Allow a subdomain in a multisite installation

// Allow sub.example.com as an external host in a multisite installation
add_filter('http_request_host_is_external', 'allow_subdomain_host', 10, 2);
function allow_subdomain_host($is_external, $host) {
  if ('sub.example.com' === $host) {
    return true;
  }
  return $is_external;
}

Allow all subdomains of a specific domain

// Allow all subdomains of example.com
add_filter('http_request_host_is_external', 'allow_all_subdomains', 10, 2);
function allow_all_subdomains($is_external, $host) {
  if (preg_match('/(.*)\.example\.com/', $host)) {
    return true;
  }
  return $is_external;
}

Conditionally allow external hosts based on the current user’s role

// Allow example.com for users with the 'editor' role
add_filter('http_request_host_is_external', 'allow_host_based_on_user_role', 10, 2);
function allow_host_based_on_user_role($is_external, $host) {
  $current_user = wp_get_current_user();
  if (in_array('editor', $current_user->roles) && 'example.com' === $host) {
    return true;
  }
  return $is_external;
}