1. WordPress HTTP API Overview
WordPress provides a standardized HTTP API for communicating with remote servers.
Main Functions
wp_remote_get()— Perform GET requestwp_remote_post()— Perform POST requestwp_remote_request()— Custom HTTP methods (PUT, DELETE, PATCH)wp_remote_retrieve_body()— Extract response bodywp_remote_retrieve_response_code()— Get HTTP status codewp_remote_retrieve_headers()— Get response headers
Core Classes
WP_Http— Main HTTP wrapper classWP_Http_Curl— cURL transportWP_Http_Streams— Streams transportWP_Http_Response— Standardized response object
Underlying Library
WordPress uses the Requests PHP library internally to perform HTTP requests.
2. Default HTTP Request Configuration
Defaults used by WP_Http::request():
timeout→ 5 secondsredirection→ 5httpversion→ 1.0blocking→ trueuser-agent→ WordPress/{version}; {site-url}
3. Basic GET Request
function myplugin_fetch_data() {
$response = wp_remote_get( 'https://api.example.com/data' );
if ( is_wp_error( $response ) ) {
return 'Request failed: ' . $response->get_error_message();
}
$body = wp_remote_retrieve_body( $response );
return json_decode( $body );
}
4. GET Request with Arguments
$response = wp_remote_get(
'https://api.example.com/data',
array(
'timeout' => 20,
'redirection' => 3,
'httpversion' => '1.1',
'headers' => array(
'Authorization' => 'Bearer YOUR_TOKEN',
'Accept' => 'application/json',
),
)
);
5. POST Request Example
function myplugin_send_data() {
$response = wp_remote_post(
'https://api.example.com/submit',
array(
'headers' => array(
'Content-Type' => 'application/json',
),
'body' => wp_json_encode( array(
'name' => 'John Doe',
'email' => 'john@example.com',
) ),
)
);
if ( is_wp_error( $response ) ) {
return $response->get_error_message();
}
return wp_remote_retrieve_body( $response );
}
6. Proper Error Handling
Always validate the response.
$response = wp_remote_get( $url );
if ( is_wp_error( $response ) ) {
error_log( $response->get_error_message() );
return;
}
$status_code = wp_remote_retrieve_response_code( $response );
if ( 200 !== $status_code ) {
error_log( 'Unexpected HTTP status: ' . $status_code );
return;
}
$body = wp_remote_retrieve_body( $response );
7. Caching Remote Requests (Transients API)
Remote requests are synchronous and block execution. Use transients to reduce repeated calls.
function myplugin_cached_remote_request() {
$cache_key = 'myplugin_remote_data';
$data = get_transient( $cache_key );
if ( false === $data ) {
$response = wp_remote_get( 'https://api.example.com/data' );
if ( is_wp_error( $response ) ) {
return;
}
$data = wp_remote_retrieve_body( $response );
set_transient( $cache_key, $data, 6 * HOUR_IN_SECONDS );
}
return json_decode( $data );
}
8. Non-Blocking Requests
Use when response is not immediately required.
wp_remote_post(
'https://api.example.com/background-task',
array(
'blocking' => false,
)
);
Useful for:
Logging
Webhooks
Background sync
9. Authenticated Requests
Bearer Token
$response = wp_remote_get(
'https://api.example.com/protected',
array(
'headers' => array(
'Authorization' => 'Bearer ' . $token,
),
)
);
Basic Authentication
$response = wp_remote_get(
'https://api.example.com/protected',
array(
'headers' => array(
'Authorization' => 'Basic ' . base64_encode( 'user:password' ),
),
)
);
10. Custom HTTP Methods
$response = wp_remote_request(
'https://api.example.com/item/10',
array(
'method' => 'DELETE',
)
);
11. Best Practices
Always check
is_wp_error()Validate HTTP response codes
Sanitize and escape output
Use HTTPS endpoints
Cache expensive remote calls
Do not expose API keys in public code
Handle timeouts gracefully
12. Complete Minimal Plugin Example
/**
* Plugin Name: Remote API Demo
*/
add_action( 'init', function() {
$data = get_transient( 'demo_remote_post' );
if ( false === $data ) {
$response = wp_remote_get(
'https://jsonplaceholder.typicode.com/posts/1',
array(
'timeout' => 10,
)
);
if ( is_wp_error( $response ) ) {
return;
}
$data = wp_remote_retrieve_body( $response );
set_transient( 'demo_remote_post', $data, HOUR_IN_SECONDS );
}
$decoded = json_decode( $data );
echo '<pre>';
print_r( $decoded );
echo '</pre>';
exit;
});