外掛標籤
開發者團隊
原文外掛簡介
ReqLock — also written RequestLock or Request Lock — is an outbound (egress)
firewall for WordPress. It controls every call your site makes out to the internet, on
both sides of the request: the server (PHP / WP HTTP API) and the browser (the HTML
your pages render). One master switch puts your site fully in control of its own outbound
traffic.
Modern WordPress sites are noisy: update checks, license pings, analytics, tag managers,
external fonts, embedded widgets, AI APIs, and assorted “phone-home” calls all reach out to
servers you don’t control. When those servers are slow, blocked, or down, your pages and your
dashboard pay the price — and every one of them is a place your visitors’ data leaks out.
ReqLock lets you shut that traffic off at will, instantly and reversibly, without editing
theme files or hunting down plugins.
One switch, four jobs:
Resilience — keep the site working when the external internet is cut or restricted
(outages, regional shutdowns, upstream failures). Pages serve from local assets and
wp-admin stops hanging on dead requests.
Performance — slow or unreachable third-party calls fail instantly instead of
stalling front-end and back-end page loads on long timeouts.
Privacy — strip analytics, trackers, external fonts, and phone-home requests so nothing
about your visitors leaves the server.
Development — turn any install into a self-contained, offline-capable environment:
no external calls, no tracking from a staging copy, no waiting on remote APIs while you work.
Use cases
Outage / shutdown resilience. When upstream connectivity is throttled or blocked, a
normal WordPress site stalls on every external call. Flip ReqLock on and the site keeps
serving from local resources — admin included.
Speeding up a sluggish site. A single slow analytics or font host can add seconds to
every page load. ReqLock makes those calls fail fast instead of blocking the render.
Privacy / no-tracking deployments. Run a site that provably makes no third-party
requests — useful for privacy-first projects, internal tools, and compliance-sensitive setups.
Local & staging development. Clone production to a laptop or staging box and ReqLock
keeps it from phoning home: no analytics fired from a test copy, no license pings, no
WordPress.org update checks slowing down wp-admin while you build. The site behaves the
same with the network unplugged — ideal for offline coding, demos, and air-gapped boxes.
Auditing what a site talks to. The Detected-hosts panel logs every external host the
site reaches, so you can see exactly who your themes and plugins contact — then decide what
to allow and what to cut.
What it blocks
Server-side (PHP / WP HTTP API)
Outbound wp_remote_* requests to external hosts: WordPress.org update/version checks,
analytics, AI APIs (OpenAI, Gemini), remote fonts, license/phone-home pings, etc. They fail
instantly instead of timing out.
Browser-side (rendered HTML)
External
