How to Manage the WordPress Heartbeat API

Kiki Sheldon

The WordPress Heartbeat API has been around for almost a decade. It provides seamless real-time communication between the WordPress dashboard and the host server. Built into WordPress core, the Heartbeat API offers powerful functionality that can significantly improve the website administration experience.

This power, however, comes at a price: the server resources required to keep communication running smoothly. If you run a resource-intensive website, or your hosting provider imposes strict limits on memory and CPU time, you may see a noticeable performance degradation in which the Heartbeat API plays a role.

In this guide, we will uncover the potential of the WordPress Heartbeat API and its role in the WordPress ecosystem. You will learn how Heartbeat API works. You’ll also learn why you may need to consider limiting its activity on your WordPress site. This will help you achieve better performance without having to upgrade your hosting plan.

What is the WordPress Heartbeat API?

The WordPress Heartbeat API is an interface built into WordPress core that enables real-time communication between the server and the WordPress dashboard. The Heartbeat API was first introduced in 2013 with the release of WordPress 3.6. It provided major improvements to content management and other key areas of website administration.

Why is the Heartbeat API so Important?

The WordPress dashboard is largely a client-side application. This means that the majority of the action takes place in the user’s browser. As a front-end application, the WordPress admin area does not have direct access to the WordPress database, where website content and other key information are stored.

To function properly, the WordPress dashboard needs to be able to communicate with the server to send and receive data. Application Programming Interfaces (APIs) such as the WordPress Heartbeat API make it possible to receive updates in real time without having to reload the whole page to display any new information.

To provide a seamless user experience, the WordPress dashboard sends requests to the server behind the scenes frequently enough to eliminate any update delays for the WordPress users who are logged in and working on the website. The Heartbeat API sends these requests to the server every 15 to 120 seconds.

Three Key Features WordPress Heartbeat API Powers

The WordPress Heartbeat API powers three key features that make website administration easier and more convenient. These features are autosaves, content locking, and real-time dashboard notifications. They are especially important for community or collaboratively edited websites that have multiple users logged in and active at the same time.

1. Autosaves and Revisions

Autosaves and revisions are one of the key features provided by WordPress Heartbeat API. Whenever a user is working in the Block editor, WordPress performs content autosaves every 60 seconds. This ensures that no changes are left unsaved. By sending requests to the server every minute, WordPress Heartbeat API saves a working copy of a post or page to its database that will be stored there until a new autosave runs.

WordPress autosaves powered by Heartbeat API are extremely useful. They can prevent data loss in case of a browser crash or connection issues. Autosaves do not replace any revisions created by the user and do not accumulate in the database.

2. Content Locking

Content locking is another feature WordPress Heartbeat API enables to provide a better editing experience for WordPress website owners. If a post or a page is currently being edited, WordPress will lock it to prevent other users from making changes to it. WordPress Heartbeat API will send requests to the server every 15 seconds. It will show a notification if another user opens the locked content for editing.

3. Real-time Dashboard Notifications

The WordPress Heartbeat API powers real-time dashboard notifications, including those sent by plugins. The reliability of the client-server communication Heartbeat API provides has led thousands of WordPress plugin developers to integrate it into their applications.

The default interval for WordPress Heartbeat API calls in the website’s admin area is 15 seconds. Plugin developers wishing to use the API functionality can configure custom intervals for exchanging data between the client application and the server.

How Does WordPress Heartbeat API Work?

WordPress Heartbeat API uses AJAX — Asynchronous JavaScript And XML — to communicate with the server from the admin dashboard. The application programming interface gathers data and sends it via what’s known as a jQuery event. An admin-ajax handler receives the data and processes it on the server side, subsequently preparing and returning a response in JSON format.

When the WordPress dashboard loads, the client-side code sets up an interval, also known as a tick, to run every 15 to 120 seconds, depending on the task. The Heartbeat API code is tasked with gathering data on the client side and communicating it to the server to receive updates.

The total number of Heartbeat API calls depends on the number of active users working on the website at the same time. This is the same as the number of WordPress dashboard instances loaded. Having the WordPress admin area opened in multiple browser windows creates the same number of Heartbeat API calls as if multiple users were logged into the website’s backend and performing tasks at the same time.

Why Limit WordPress Heartbeat API Calls?

Limiting WordPress Heartbeat API calls can help speed up WordPress sites that have a very limited pool of server resources allocated, especially when it comes to CPU time. Although the Heartbeat API is not likely to be the key issue behind poor website performance, it is definitely something to take into consideration.

Each time the Heartbeat API communicates with the server, a POST HTTP request is made to the admin-ajax.php file in wp-admin. As Heartbeat API calls are sent to the server every 15-120 seconds, and the number increases if there is more than one active admin user, the API can overload the server, resulting in high CPU and system memory usage.

Some WordPress website owners can even mistake the Heartbeat API activity for an ongoing DDoS attack. WordPress Heartbeat API requests can’t be cached, so each call uses a certain amount of server resources. If the server is actively using its resources to handle API calls, your customers can experience delays in content rendering when browsing your website.
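Before changing any settings, it helps to check whether admin-ajax.php traffic actually has the Heartbeat cadence. The following is an added example, not code from the original article or from WordPress: it groups POST requests to admin-ajax.php by client and compares the median gap between them with the 15 to 120 second range described above. It assumes the combined access log format, and because access logs do not record the POST body, it cannot confirm that a request was a Heartbeat call; the labels and function names are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

HEARTBEAT_MIN, HEARTBEAT_MAX = 15, 120  # seconds; interval range from the article
AJAX_PATH = "/wp-admin/admin-ajax.php"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" \d{3}')

def sample_line(ip, sec, method="POST", path=AJAX_PATH):
    ts = f"12/Mar/2024:10:{sec // 60:02d}:{sec % 60:02d} +0000"
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" 200 58 "-" "Mozilla/5.0"'

# Constructed sample (not real traffic): one dashboard tab, one burst, one visitor.
SAMPLE_LOG = "\n".join(
    [sample_line("203.0.113.10", s) for s in (0, 15, 30, 45, 60)]
    + [sample_line("198.51.100.7", s) for s in (0, 1, 2, 3, 4, 5)]
    + [sample_line("192.0.2.44", 5, "GET", "/"), sample_line("192.0.2.44", 40)]
)

def admin_ajax_gaps(log_text):
    """Return {client_ip: [seconds between consecutive admin-ajax.php POSTs]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, path = m.groups()
        if method == "POST" and path.split("?", 1)[0] == AJAX_PATH:
            hits[ip].append(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"))
    return {ip: [(b - a).total_seconds() for a, b in zip(sorted(t), sorted(t)[1:])]
            for ip, t in hits.items()}

def classify(gaps, min_samples=3):
    """Compare each client's median gap with the Heartbeat interval range."""
    labels = {}
    for ip, g in gaps.items():
        if len(g) < min_samples:
            labels[ip] = "too-few-requests"
        elif median(g) < HEARTBEAT_MIN:
            labels[ip] = "faster-than-heartbeat"  # extra tabs, other AJAX, or a flood
        elif median(g) <= HEARTBEAT_MAX:
            labels[ip] = "heartbeat-like"
        else:
            labels[ip] = "slower-than-heartbeat"
    return labels

if __name__ == "__main__":
    print(classify(admin_ajax_gaps(SAMPLE_LOG)))
```

A client labelled faster-than-heartbeat is not necessarily hostile, since several open dashboard windows produce the same pattern, but it is the group worth reviewing before you blame or throttle the Heartbeat API.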

Three Things to Consider Before Disabling Heartbeat API

Disabling the Heartbeat API entirely is rarely a good idea. The WordPress dashboard will lose its ability to communicate with the server in real time for the most part. With the Heartbeat API disabled, you will no longer be able to receive notifications. Also, you won’t be able to take advantage of content locking, autosaves, and revisions.

The three key things to consider before disabling the Heartbeat API or limiting its activity are:

  • Hosting. Review how much CPU time and system memory is allocated to your website. Is there a limit on the number of processes your website can create?
  • Time spent on website administration. How much time do you spend on administration and content publishing? How many active users often work in the WordPress dashboard and back-end interfaces at the same time?
  • Daily traffic received. How many daily visitors does your WordPress website receive? Do you have any caching solutions in place to ease the load on the server?

Depending on the website type and your current hosting setup, limiting the number of WordPress Heartbeat API calls will have a different impact on the overall performance. If you are running a resource-intensive WordPress site with multiple users performing regular maintenance and posting content, reducing the number of Heartbeat API calls can be highly beneficial. It can also help you avoid increasing your hosting costs in an attempt to accommodate increasing amounts of traffic.

How to Manage WordPress Heartbeat API with a Plugin

The easiest way to manage WordPress Heartbeat API requests is by using a WordPress plugin designed for this. There are several different solutions you can take advantage of. Heartbeat Control, developed by WP Rocket, is one of the best and most popular.

Install and activate the Heartbeat Control plugin from the WordPress dashboard. Navigate to Settings > Heartbeat Control to open the plugin’s configuration. Heartbeat Control allows you to manage the activity of the Heartbeat API on the website’s frontend, the WordPress dashboard, and in the Block editor using the following options:

  • Allow Heartbeat. If this option is enabled, the plugin will not limit the Heartbeat API calls in any way.
  • Disable Heartbeat. Disabling Heartbeat will block all API calls in the chosen areas of your WordPress website.
  • Modify Heartbeat. You can set a custom interval for WordPress Heartbeat API calls, ranging from 15 to 300 seconds.

Most of the time, configuring a bigger interval for WordPress Heartbeat API calls is the best course of action. For example, limiting the number of API calls to one every five minutes in all three areas of your website will have the same effect on the overall performance as disabling the Heartbeat API altogether.

Please note that limiting the Heartbeat API activity in the Block editor may require you to save revisions more often to avoid losing any changes to the content you are editing. If you do not rely on autosaves and do not need content locking, you can disable WordPress Heartbeat API in Gutenberg altogether.

How to Restrict WordPress Heartbeat API Calls Without a Plugin

You can restrict WordPress Heartbeat API calls without a plugin by using WordPress hooks. Adding a few lines of code to the functions.php file of your website’s active theme lets you disable the Heartbeat API or specify a custom interval for API calls.

WordPress comes with the built-in Theme Editor that allows you to modify functions.php from the admin dashboard. However, most WordPress security plugins, such as Solid Security Pro, disable this functionality to protect your website in case it gets compromised.

You can edit the file using the file manager interface provided by your hosting control panel or by connecting to your website files via FTP or SSH. If Kadence WP is your WordPress block theme of choice, you can find the functions.php file in the Kadence folder inside your WordPress content directory.

Please note that any code added to the functions.php file will most likely be overwritten by the theme’s next update. Therefore, it may be better to manage the WordPress Heartbeat API using a plugin. If you use a child theme, you can change its functions.php file without the risk of having it overwritten when the parent theme is updated.

Don’t Forget to Save a Backup of Your WordPress Site First

Saving backups is an important part of website administration. This will allow you to recover from any errors and quickly restore your website in an emergency. Make sure you back up your website before editing any WordPress core or theme files.

Using a WordPress backup plugin helps you create a strong backup strategy. You’ll have a working copy of your website whenever you need it. Have your website backups stored at a remote location, and leverage custom backup schedules and one-click restores with Solid Backups.

Disable the Heartbeat API

Adding the action below allows you to stop the Heartbeat API, effectively disabling all API calls. To achieve that, add the code snippet below to the bottom of functions.php.

// Deregister the core 'heartbeat' script everywhere so no Heartbeat requests are sent.
function wb_stop_heartbeat() {
    wp_deregister_script('heartbeat');
}
add_action('init', 'wb_stop_heartbeat', 1);

You can disable a specific feature in the WordPress Heartbeat API the same way.

// Deregister only the 'autosave' script in the admin area.
function disable_autosave() {
    wp_deregister_script('autosave');
}
add_action('admin_init', 'disable_autosave');

Configure a Custom Interval for the Heartbeat API Calls

To limit WordPress Heartbeat API calls, you can specify a filter that will configure a custom interval for the API requests. The following code snippet limits the Heartbeat API calls to one request per minute.

// Set the Heartbeat interval (in seconds) through the heartbeat_settings filter.
function wb_set_heartbeat_time_interval($settings) {
    $settings['interval'] = 60;
    return $settings;
}
add_filter('heartbeat_settings', 'wb_set_heartbeat_time_interval');

Configure a Custom Interval for WordPress Autosaves

WordPress allows you to configure a custom interval for autosaves by redefining the AUTOSAVE_INTERVAL constant. Similar to other constants, you can assign it a new value by adding the following line to your main WordPress configuration file:

// Autosave interval in seconds; place this above the line that loads wp-settings.php.
define('AUTOSAVE_INTERVAL', 300);

You can assign the interval a bigger value, such as 3600, which is an hour, to disable WordPress autosaves altogether. WordPress constants configured in wp-config.php do not get modified during any WordPress updates. You will not have to redefine them later.

Wrapping up

WordPress’s Heartbeat API is one of the key features built into WordPress core that enables real-time client-server communication using AJAX calls. The application programming interface allows WordPress to exchange data between the server and the WordPress dashboard to provide a better administration experience.

The Heartbeat API sends requests to the server several times a minute. This can result in an increased load on the server and degraded performance. You can limit Heartbeat API calls by using a plugin, adding WordPress hooks, or defining WordPress constants.

Solid website performance is vital, but so is security. Solid Security will help protect all areas of your WordPress website, so your business stays online no matter what. Discover how you can secure your online presence, including multi-factor authentication, file change monitoring, and vulnerability scanning, with Solid Security Pro.
