GetBowtied and Merchandiser slowing you down?

One of my customers’ WordPress sites suddenly started to take north of 10 – 15 seconds per page load. They use WooCommerce, with the Merchandiser theme (not my pick) — which also uses the getbowtied-tools plug-in. In addition to WP’s typically slow stack, GetBowtied appears to be making external calls on every single page load.

This pretty graph is courtesy of NewRelic:

WTF is all that external traffic?

NewRelic also yielded the name of the actual offending hook. It’s tgmpa_register:

Yep, you read that right, over 6 DAYS of cumulative user wait time in less than on hour of operation.

This didn’t seem to affect the customer-facing side as much, but in the admin panel the performance has been abysmal ever since we took over support for this site, and today was entirely unusable. For a client that pushes through hundreds of thousands in e-commerce business every month, 15 second admin page loads amount to measurable losses.

$36 dollars later, I found out that GetBowtied pretty much just wants you to GetBent. They don’t have any way of contacting support on their site unless you’re authenticated, and authentication against Envato fails. They have a helpful article that makes reference to this difficulty, but, again, no way to actually get in touch! I suspect they get a lot of people sending them $36 with no strings attached — must be nice.

Anyway, a little digging yielded the location of that pesky external call. It’s in wp-content/themes/merchandiser/inc/tgm/plugins.php.

The relevant section:

 array(
               'name'                  => 'GetBowtied Tools', // The plugin name
               'slug'                  => 'getbowtied-tools', // The plugin slug (typically the folder name)
               'source'                => 'https://api.getbowtied.com/v2/getbowtied-tools/update.php', // The plugin source
               'required'              => true, // If false, the plugin is only 'recommended' instead of required
               'version'               => '2.0', // E.g. 1.0.0. If set, the active plugin must be this version or higher, otherwise a notice is presented
               'force_activation'      => false, // If true, plugin is activated upon theme activation and cannot be deactivated until theme switch
               'force_deactivation'    => false, // If true, plugin is deactivated upon theme switch, useful for theme-specific plugins
               'external_url'          => '', // If set, overrides default API URL and points to an external URL
               'image_url'             => ''
        )
    );

//... yadda yadda ...
    tgmpa( $plugins, $config );
}

So, what does it do? I’m not entirely sure, but I decided to just add the following to the /etc/hosts file:

127.0.0.1 api.getbowtied.com

Reloaded, and presto!

Like a new site.

I searched their FAQs for more information, and didn’t find a single reference to the domain. The php file itself makes reference to this being a way to activate Premium Plugins. We don’t use any, so I think we’re safe turning it off.

So far, no complaints from the client.

Leave a comment and let me know if this helped you as well.

PS to GetBowtied people: Making server-side external calls, dozens of times on every request, just so you can check licenses is .. pure evil. There really isn’t a better word to describe what this is doing to your users.

Note: If you don’t have root access, then you will have to redirect using other means. One way is to edit the code block above and change the URL. This means modifying the theme, in which case I recommend you make a child theme and implement the changes there.

Leave a Reply