Difference between wp_remote_post and wp_safe_remote_post

[*][**]

So is there ever any other situation in which I would want to use wp_remote_post or should I always stick with wp_safe_remote_post?

The two functions are exactly the same, except wp_safe_remote_post() sets the reject_unsafe_urls argument to true. That argument causes the URL to be passed through wp_http_validate_url() in WP_Http::request().

From that function, we see that there are a few use cases where you would need to use wp_remote_post() instead of wp_safe_remote_post().

  1. If you are using a protocol that is not http or https.*
  2. If you need to pass a user or pass in the URL.
  3. If you are posting to the localhost.**
  4. If you need to use a port other than 80, 443, or 8080.

It’s also possible to use the http_request_reject_unsafe_urls filter to pass URLs through wp_http_validate_url() in an HTTP request whether wp_safe_remote_post() or wp_remote_post() is called.

[*] If reject_unsafe_urls is not set, the URL is still passed though wp_kses_bad_protocol() and the allowed protocols are http, https, and ssl.

[**] It’s possible to use wp_safe_remove_post() to the localhost by using the http_request_host_is_external filter and returning a truthy value.

[*]

Leave a Comment

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)