HTTP Logs

What It Does

This module logs HTTP requests made to your website, including details about who accessed what pages and when. This comprehensive logging helps you monitor all activity on your website and identify potential security threats.

Why it's important

Monitoring: Knowing what is being called from your website using the WordPress HTTP API is one of several ways to prevent website hacking.

Detecting: Some malware masquerading as legitimate plugins will use WordPress functions (wp_remote_get(), wp_remote_post(), etc.) to evade detection, as direct use of cURL can be flagged as malicious.

Optimizing: Premium plugins need to make API calls to validate your license, retrieve data, and send data, but some do this poorly (several times per minute or even per second!), wasting bandwidth.

Blocking: Whether it's to reduce calls to clean APIs or block malware attempting external calls, you can reduce the number of outgoing HTTP requests per domain, path, or entire request.

Securing: By implementing this security measure, you protect your website against potential threats.

How to Use


Activate this module in the Logs section of the SecuPress settings.

If you encounter any problems after activation, you can temporarily deactivate the module. The module will automatically remove its protection rules upon deactivation.

Start by selecting a log from the list; you will then arrive at:

  1. The primary domain of the request, with the option to delete this domain and all related child pages, or to open the configuration panel for this request. This does not necessarily mean the domain was directly queried; it may only involve other pages or paths, but everything is grouped by domain in the interface.Below are all the child requests related to this domain.
  2. A trust level from Norton Safeweb is displayed here. It may be unknown, which is a positive sign rather than a negative one.
  3. The destination country of the request, for informational purposes.
  4. A counter of successful requests with an average spanning from the first received request. For example, since January 1, 2026, there have been 1200 requests. As of January 30, 2026, this equates to 40 requests per day.
  5. Informative labels about the request type, such as GET, POST, whether it's HTTP or HTTPS, whether it's a WordPress or SecuPress URL, etc.All these columns are clickable filters to refine the search.

Click "View":

The IP address making this request is theoretically the server's IP address, your hosting provider, since theoretically it's the website initiating the request.

The limitation applies to the entire domain. Information in sections 3 and 4 will also be affected if you move the slider.

By moving the slider, you adjust the maximum number of calls to this domain, including all paths and parameters. This ranges from "No limit" to "Blocked," including 1 call every 5 minutes, up to 1 per day.

The same applies to the path, but with a slightly more precise setting. The slider cannot be positioned below the domain name.

The same applies to the full URL with parameters. The same note applies.


Further down:

The parameters to ignore allow you to avoid relying on a dynamic parameter, for example, time=170574435788  , which changes with each call. This would prevent blocking calls because the URL is different. Check the parameters you know to be dynamic to avoid relying on them and respect the blocking.

The same idea applies to the request method. You can block certain request methods for specific URLs (always for outbound HTTP!).

The list of the last 10 calls for this domain, with a timestamp and the ability to view the request details, headers, and response.

Warning

This module is not labeled "Expert" but still requires knowledge of outgoing requests. Blocking too many things can cause the site to behave abnormally. For example, if you block too many wordpress.org requests, updates could be delayed or impossible.