WordPress 2.8 loves your proxy

Up until version 2.7.1, running WordPress on an intranet was a real pain in the ass. It connects to the outside world to look for updates, to check comments for spam (using Akismet) or to fetch RSS-feeds for widgets if you configured those on your blog, … But as you typically don’t have direct internet-access on an intranet and as there was no way of letting WordPress know about a proxy, your blog timed out while it was trying to fsockopen those external sites.
chet bakerBut that was yesterday, because the recently released WordPress 2.8 “Baker” (which is chock-full of new features) has support for internet-connections through a proxy, thanks to its great HTTP API. Don’t bother looking for it in the admin-screens, you’ll need to configure the proxy-settings in your wp-config.php.
Here’s what you’ll have to add (values are examples which you’ll have to replace with settings for your environment off course):

define('WP_PROXY_HOST', '192.168.22.1');
define('WP_PROXY_PORT', '9099');

If you need to authenticate to access the proxy you can add your credentials this way:

define('WP_PROXY_USERNAME', 'frank');
define('WP_PROXY_PASSWORD', 's3cr3t');

You can also exclude requests for specific hosts from going through the proxy:

define('WP_PROXY_BYPASS_HOSTS', 'localhost, blog2.corpintranet');

And finally you can block all outgoing requests by default and add domains to a whitelist to only allow those to connect:

define ('WP_HTTP_BLOCK_EXTERNAL', 'true');
define ('WP_ACCESSIBLE_HOSTS', 'api.wordpress.org, akismet.com');

Off course some WordPress-plugins do not use the HTTP API yet (e.g. Lifestream and wp-security-scan rely on Simplepie, which does not use the proxy-aware wp_remote_get-function), so you might have to be careful when installing plugins that need internet-access.

The WordPress-on-an-intranet nightmare

[UPDATE june 2009: this is solved in WordPress 2.8]
wp for dummies book coverHaving a fair amount of experience with WordPress installations and configuration, I wanted to install trusty old WP 2.5.1 on an idle desktop (winXP+xampp) at work to do some blogging on our intranet. The installation itself went smoothly (how hard can unpacking a zip-file be) but after some time the damn thing stopped working, producing nasty timeout-errors caused by a.o. wp-includes/update.php and wp-admin/includes/update.php.
The problem is that WordPress tries to open an internet-connection (using fsockopen) to see if updates are available. Great, except when you’re trying to run WordPress on an intranet behind a proxy without a (direct) connection to the internet. After some unsuccessful fiddling in multiple WordPress php-files, I ended up disabling fsockopen in php.ini (disable_functions)!

Disabling! Fsockopen! In php.ini! Just to have a working WP?

I mean, come on guys, why doesn’t WordPress provide configuration options where you can specify if and how (what type of proxy, what address to find it on, …) it should try to connect to the internet? I even made this truly amazing UI mock-up which you guys can just like copy/paste straight into your code;

_______________________________________________________________________________
How should WordPress connect to the internet to check for updates?
(*) Direct connection to the internet (default)
( ) Use a proxy:
    Proxy type:     (*) http ( ) socks
    Proxy URL:      ___________________________________________
    Proxy User:     ___________________________________________ (optional)
    Proxy Password: ___________________________________________ (optional)
( ) No internet connection available (WordPress won't be able
    to warn you about updates!)
________________________________________________________________________________

_
😉
Pretty please?