0 Day Analytics

Requests Module — User Guide

By sdobreff on · 12 min read · Requests · 0-day-analytics, documentation
Table of Contents

The Requests Module captures and logs every HTTP request and REST API request made by or to your
WordPress site. It gives administrators a comprehensive view of all outgoing HTTP API calls (wp_remote_*)
and incoming REST API requests, complete with performance metrics, error tracking, and an analytics dashboard.

Who is this for?
You need the Administrator role (the manage_options capability) to access the Requests
module. Other users will not see its menu items.

What can you do with the Requests Module?

  • Monitor all outgoing HTTP API calls and incoming REST API requests
  • View request URLs, response statuses, runtimes, and the originating plugin
  • Identify slow, failing, or excessive requests that impact site performance
  • Filter and search by status, type, domain, plugin, date range, and runtime
  • View detailed request arguments, response data, and PHP stack traces
  • See an at-a-glance analytics dashboard with totals, error rates, and trends
  • Export request logs to CSV for offline analysis
  • Toggle HTTP and REST monitoring independently on/off
  • Auto-purge old logs on a configurable schedule

Enable / Disable the Module

The Requests module is a standalone module inside Advanced Analytics. You can enable or disable it without affecting any
other part of the plugin or WordPress itself.

  1. Navigate to Error Logs → Settings in the WordPress admin sidebar.
  2. Click the “Request Options” tab (or scroll to the section headed Request options).
  3. Toggle the “Enable requests module” checkbox.
  4. Click Save Changes.
wp-admin/admin.php?page=advan_logs_settings#aadvana-options-tab-request-list
Important: Disabling the module only hides the Requests viewer
sub-menu from the admin and stops data collection. It does not affect your site’s ability to make or
receive HTTP/REST requests. WordPress will continue working normally.

Module Settings

The Request Options tab on the Settings page has five settings:

1. Enable requests module

Type Checkbox
Default Enabled (checked)
Effect Shows or hides the Requests viewer sub-menu and enables/disables all request logging
functionality. Does not affect WordPress HTTP/REST operations themselves.

2. Enable requests logging

Type Checkbox
Default Enabled (checked)
Effect Controls whether the plugin actively intercepts and records HTTP and REST requests. Disabling this
stops all data capture while keeping the viewer available to browse previously recorded logs.

When this is enabled, two additional sub-options appear:

3. Disable HTTP Requests logging

Type Checkbox
Default Disabled (unchecked)
Effect When checked, the plugin stops capturing outgoing HTTP API requests (wp_remote_get,
wp_remote_post, etc.). REST API logging remains unaffected.

4. Disable REST API Requests logging

Type Checkbox
Default Disabled (unchecked)
Effect When checked, the plugin stops capturing incoming REST API requests. HTTP API logging remains
unaffected.

5. Clear requests table every

Type Dropdown select
Default Weekly
Options Never, Hourly, Twice Daily, Once Daily, Weekly, and any custom-registered cron schedules
Effect Configures an automatic cron job that truncates the requests log table on the selected interval. Set
to Never to retain all logs indefinitely.
Note: When the automatic cleanup runs, it removes all
logged requests — not just old ones. Consider this when selecting your interval.

Requests List

wp-admin/admin.php?page=advan_requests

This is the main screen. It shows every recorded HTTP and REST API request in a sortable, filterable table.

Status Notices

At the top of the page, you may see status notices indicating the current monitoring state:

  • Yellow notice: Requests logging is disabled — click the link to go to settings.
  • Yellow notice: HTTP Requests monitoring is disabled — only REST API requests are being
    captured.
  • Yellow notice: REST API Requests monitoring is disabled — only HTTP requests are being
    captured.

Columns

Column Sortable Description
Date Yes When the request was recorded. Displays both the date and time.
Type Yes The context in which the request was made: ajax, rest_api, cron,
xmlrpc, wp-cli, login, admin, frontend,
core, installing, activate, or undetermined.
Plugin Name Yes The plugin or theme that triggered the request, identified automatically from the PHP stack trace.
Status Yes The outcome of the request: success, error, or timeout.
URL Yes The target URL of the outgoing HTTP request, or the REST API route for incoming requests.
Page Yes The originating page URL — the WordPress page that triggered the request.
Domain Yes The target domain extracted from the request URL.
User Yes The WordPress user who was logged in when the request was made. Shows 0 for anonymous or
system-level requests.
Runtime Yes How long the request took to complete, in seconds (e.g., 0.245).

Row Actions

Hover over any request row to reveal these actions:

  • Delete — Permanently removes the single request log entry.
  • Details — Opens a modal overlay with full request and response information.

Analytics Dashboard

Above the requests list table, an analytics dashboard provides an at-a-glance summary of your request activity:

Summary Cards

Card Description
Total Requests The total number of requests logged in the database.
Last 24 Hours Request count from the past 24 hours.
Last 7 Days Request count from the past 7 days.
Average Runtime The mean response time across all logged requests.
Error Rate Percentage of requests that returned an error or timeout status.

Breakdowns

  • Requests by Status — Shows the count for each status (success, error, timeout). Click a
    status to filter the list to only that status.
  • Requests by Type — Shows the count for each request context type (admin, ajax, cron, etc.).
    Click a type to filter the list.
  • Top 10 Domains — The most frequently contacted domains. Click a domain to filter the list.
  • Performance Trends (Last 30 Days) — A daily table showing the request count and average
    runtime per day, so you can spot spikes and trends.

Filters & Search

The Requests module offers extensive filtering to help you find exactly what you’re looking for.

Available Filters

Plugin Filter

  • Default: “All plugins”
  • Lists every plugin/theme that has triggered at least one logged request.
  • Select a plugin to show only its requests.

Status Filter

  • Default: All statuses
  • Options: success, error, timeout
  • Narrow results to only requests with the selected outcome.

Type Filter

  • Default: All types
  • Options: ajax, rest_api, cron, xmlrpc, wp-cli, login,
    admin, frontend, core, installing, activate,
    undetermined
  • Filter by the context in which the request was made.

Date Range Filter

  • Two date pickers: From and To.
  • Shows only requests recorded within the specified date range.

Domain Filter

  • Text input to filter by target domain (e.g., api.wordpress.org).

Runtime Range Filter

  • Two numeric inputs: Min and Max runtime (in seconds).
  • Useful for finding slow requests — for example, set Min to 2 to see all requests that took over
    2 seconds.

Use the search box in the top-right corner. It performs a full-text search across all columns.

  • Type your search term and press Enter or click Search.
  • The search is case-insensitive.
  • To clear the search, empty the box and press Enter.

Clear Filters

Click the “Clear Filters” button to reset all active filters and return to the unfiltered view.

Request Details Modal

Clicking Details on any row opens a modal overlay with comprehensive information about that request:

  • Request Type — The context type (admin, cron, ajax, etc.)
  • Status — Color-coded success/error/timeout badge
  • Runtime — How long the request took
  • Domain — The target domain

URLs

  • Page URL — The WordPress page that initiated the request
  • Request URL — The full target URL

Request & Response Panels

Two side-by-side panels display:

  • Request — The arguments sent with the request (JSON-formatted). Sensitive data such as
    authorization headers, API keys, and passwords are automatically redacted.
  • Response — The response summary including HTTP status code, headers, and a body preview
    (truncated to 512 bytes for readability).

Both panels include Copy to clipboard and Share buttons for easy data sharing.

Stack Trace

A full PHP stack trace showing the code path that triggered the request. This helps identify which plugin, theme, or
core function initiated the HTTP/REST call.

HTTP / REST Monitoring Toggle

You can quickly enable or disable HTTP or REST API monitoring directly from the Requests list page without navigating to
the settings:

  1. On the Requests list page, look for the toggle controls in the page header area.
  2. Click the toggle for HTTP Requests or REST API Requests to enable/disable that
    specific type of monitoring.
  3. The change takes effect immediately via a REST API call — no page reload is required.
Tip: If you are only interested in debugging REST API issues, you can
disable HTTP monitoring to reduce database writes and vice versa.

Bulk Actions

Perform operations on multiple request log entries at once:

  1. Check the boxes next to the requests you want to act on. Use the checkbox in the header row to select all
    visible entries.
  2. Open the Bulk actions dropdown (top-left or bottom-left of the table).
  3. Choose Delete Records.
  4. Click Apply.
No undo: Bulk delete is immediate and cannot be reversed. The page
refreshes after completion.

CSV Export

Export the currently filtered/displayed requests to a CSV file:

  1. Apply any desired filters or search (the export respects your current filter context).
  2. Click the “CSV Export” button above the table.
  3. A progress indicator appears during the export. You can click Cancel if needed.
  4. The CSV file downloads automatically once complete.

The exported CSV includes all visible columns: date, type, plugin, status, URL, page URL, domain, user ID, and runtime.

Table Management

The Requests list page provides controls for managing the database table directly:

Truncate Table

Removes all records from the requests log table but keeps the table structure intact. This is useful when you want
to start fresh without losing the table schema.

Drop Table

Completely removes the requests log database table. The table will be recreated automatically when the module is
next initialized.

Caution: Dropping the table permanently deletes all logged request
data. Use this only if you want to fully reset the module.

Automatic Cleanup

The module registers a WordPress cron job to automatically clean up old request logs based on the “Clear requests table every” setting:

Setting Value Behaviour
Never No automatic cleanup. Logs accumulate until manually deleted.
Hourly Truncates the table every hour.
Twice Daily Truncates the table twice per day.
Once Daily Truncates the table once per day.
Weekly (default) Truncates the table once per week.
Tip: On high-traffic sites, the requests table can grow quickly. Choose
an appropriate cleanup interval to keep your database size under control. For debugging specific issues, you can
temporarily set it to Never and manually clean up after your investigation.

Screen Options

Click Screen Options (top-right of the page, just below the admin bar) to customize the display:

Items per page

Control how many request entries display per page. Enter a number and click Apply. The default is
20 items per page. This setting only affects your user account.

Column Visibility

Check or uncheck columns to show or hide them. Useful for reducing clutter — for example, hiding the Page URL and
User columns when you only care about request URLs and runtimes. Settings persist across sessions.

Security & Privacy

The Requests module implements several security and privacy measures to protect sensitive data:

Automatic Data Redaction

Request arguments and responses are automatically scanned for sensitive information before being stored in the
database. The following types of data are redacted:

  • Authorization headers and Bearer tokens
  • Cookies and session identifiers
  • Passwords, secrets, and API keys
  • WordPress nonces
  • Any keys matching common sensitive naming patterns

URL Sanitization

Sensitive query parameters (such as tokens, keys, and passwords) are automatically stripped from URLs before they
are logged.

Data Truncation

  • Response bodies are truncated to a 512-byte preview.
  • Full response data is capped at 4 KB.
  • Request argument values longer than 2 KB are truncated.

This prevents excessively large API responses from bloating the database.

Access Control

  • All admin pages require the manage_options capability.
  • All form submissions are protected with WordPress nonce verification.
  • All database queries use parameterized prepared statements.
  • All user inputs are sanitized with sanitize_text_field() and wp_unslash().

Troubleshooting

No requests are being logged

Causes & Solutions:

  • Check that the module is enabled: Error Logs → Settings → Request Options — ensure both
    “Enable requests module” and “Enable requests logging” are checked.
  • Check that HTTP and/or REST monitoring are not individually disabled via the “Disable HTTP Requests logging”
    and “Disable REST API Requests logging” checkboxes.
  • If the database table was dropped, refresh the page — it should be automatically recreated.

Only HTTP requests are logged (no REST API entries)

REST API monitoring is disabled. Go to Settings → Request Options and uncheck “Disable REST API
Requests logging”.

Only REST API requests are logged (no HTTP entries)

HTTP monitoring is disabled. Go to Settings → Request Options and uncheck “Disable HTTP Requests
logging”.

The requests table is growing too large

Solutions:

  • Set a more aggressive auto-cleanup schedule (e.g., Daily or Hourly).
  • Use the Truncate Table button for an immediate cleanup.
  • Disable monitoring for the request type you don’t need (HTTP vs. REST).

The “Plugin Name” column shows blank entries

The module identifies the originating plugin by analyzing the PHP stack trace. If the request was initiated by
WordPress core or by code that doesn’t reside within a plugin/theme directory, the plugin name may be empty. This is
expected behaviour for core WordPress operations such as update checks.

Request arguments or responses show “[redacted]”

This is the security redaction feature working as intended. Sensitive values like authorization tokens, passwords,
and API keys are automatically replaced with [redacted] to prevent them from being stored in the
database. See the Security & Privacy section for details.

Request types explained

Type Description
admin Request made during a WordPress admin page load
ajax Request made during an AJAX call
cron Request made during a WP-Cron execution
rest_api Request made during a REST API dispatch
xmlrpc Request made during an XML-RPC call
wp-cli Request made during a WP-CLI command
login Request made during the login process
frontend Request made during a front-end page load
core Request made by WordPress core (e.g., during bootstrap)
installing Request made during WordPress installation
activate Request made during plugin/theme activation
undetermined The context could not be identified
Need developer documentation?
See Requests Module Developer Documentation for architectural details, class references, REST API
endpoints, and code examples for extending the Crons module programmatically.
← 0 Day Analytics – Mails Module Developer Documentation 0 Day Analytics – Requests Module Developer Documentation →
Share this page
Back to top