Table of contents

• Quick overview
• What "connected" actually gives a dApp (can they hack you?)
• How to check connected sites in MetaMask (desktop / extension)
  • Step by step (extension)
  • Quick developer check (console)
• How to check connected sites in MetaMask (mobile)
  • Step by step (mobile)
• How to disconnect MetaMask from a site (desktop and mobile)
• Wallet connection request pending in MetaMask: troubleshooting
• Revoking token approvals vs disconnecting (what disconnect does not do)
• Extension vs mobile: quick comparison
• Best practices: daily habits and who this wallet is for
• Testing methodology (how I tested these steps)
• FAQ
• Conclusion and next steps

Manage dApp Connections in MetaMask — Check & Disconnect Sites

Short version: you should check connected sites regularly. Connected sites let dApps read your account address and request transactions. They cannot move funds without your signature, but approvals and signatures can be dangerous. I’ve been using MetaMask daily to connect to DEXes, staking UIs, and NFT marketplaces, and these checks saved me from several risky approvals.

What "connected" actually gives a dApp (can they hack you?)

Connected simply means the website can see your account address and ask MetaMask to prompt you for transactions or signatures. So, can a connected site hack you? No, not by mere connection. A site cannot send funds out of your wallet without an on-chain transaction you sign. But there are real risks:

• Signature requests can be crafted to authorize actions (claiming access or signing messages used in exploits).
• Token approvals let contracts spend your tokens; unlimited approvals are the most common way funds are drained.
• Malicious dApps can phish by showing fake UI and asking you to sign.

In my experience, the biggest danger is approving token allowances you don’t understand. And yes, disconnecting a site does not revoke an allowance (more on that below).

How to check connected sites in MetaMask (desktop / extension)

Step by step (extension)

1. Open the MetaMask extension and unlock your account.
2. Click the circular account icon (top-right of the popup) to open the account menu.
3. Select Connected sites.
4. Review the list of domains. Click the three-dot menu next to any site and choose Disconnect / Remove.

Screenshot placeholder (extension connected sites):

This is the primary place to answer the search intent check connected sites MetaMask or metamask check if connected.

Quick developer check (console)

If you want to know from a dApp whether MetaMask is connected, run this in the page console (or build it into your app):

if (typeof window.ethereum !== 'undefined') {
  ethereum.request({ method: 'eth_accounts' }).then(accounts => {
    console.log('Connected accounts:', accounts);
  });
}

If accounts is an empty array, MetaMask is not currently connected to that site (or the user has not approved access yet).

How to check connected sites in MetaMask (mobile)

Mobile has the same concept but a slightly different path.

1. Open the MetaMask mobile app and unlock.
2. Tap the menu (top-left or bottom-right, depending on app version).
3. Choose Settings > Security & privacy > Connected sites (or tap Connected sites directly if visible).
4. Tap a site to Disconnect.

Screenshot placeholder (mobile connected sites):

For a mobile-specific walkthrough see the internal guide on connected-sites-mobile.

How to disconnect MetaMask from a site (desktop and mobile)

Disconnecting is easy but understand the effect. Steps above show where to remove a site. When you disconnect:

• The site can no longer see your address or ask for transactions (without a fresh connect).
• Existing on-chain token allowances remain until revoked.

Step-by-step: open Connected sites -> locate domain -> Disconnect. If the dApp still shows you as connected, refresh the page and pick a different account (or re-open the tab).

If you want a guided walkthrough, check disconnect-and-remove-connected-sites.

Wallet connection request pending MetaMask: troubleshooting

Sometimes a dApp shows "wallet connection request pending MetaMask" and nothing happens. What then?

• Open the MetaMask popup — the approval prompt may be waiting there (browser popup blocked?).
• If the popup never appears, reload the dApp and try again.
• Try a different browser profile or disable extension blockers.
• If you used WalletConnect on mobile, check the mobile app to accept or reject the request.

If a request is stuck and you never approved it, disconnect the site from Connected sites and clear the dApp's session (refresh or logout on the site). But remember: disconnecting a site that never completed a connection often just resets the UI; it does not affect on-chain allowances.

Revoking token approvals vs disconnecting

Disconnecting is not the same as revoking token approvals. A site you disconnected can still have an allowance granted on a token contract. To fully cut access:

1. Use on-chain allowance revocation tools (see token-approvals-and-revoke).
2. For large exposure, move tokens to a fresh account (and revoke approvals first).

But keep in mind: revoking requires a transaction (gas fees) on the relevant blockchain. If you see a suspicious approval, act quickly.

Extension vs mobile: quick comparison

Feature	Extension (desktop)	Mobile app
View connected sites	Yes (quick access)	Yes (in Settings)
Disconnect sites	Yes	Yes
Immediate prompt visibility	Generally faster (desktop)	Works well for WalletConnect and in-app browser
Convenience for daily dApp use	Good for multi-tab workflows	Best if you mostly use mobile dApps

Best practices: daily habits and who this wallet is for

Who this software wallet is best for:

• Users who interact with EVM-compatible DeFi, L2s, and dApps frequently.
• People who want easy account switching and hardware wallet integrations (for bigger balances) — see connect-ledger-to-metamask.

Who should look elsewhere:

• Users who need native Solana-first features (see solana-and-metamask-compatibility).
• People who want custodial or institutional custody options.

Daily quick checklist I use:

• Check connected sites weekly.
• Revoke unused allowances (or use a burner account for random dApps).
• Keep large funds in a hardware wallet (I do this for holdings I don’t trade daily). But I still use MetaMask as my daily interaction wallet.

Testing methodology (how I tested these steps)

Transparent testing so you can replicate:

• Devices: Chrome desktop extension and Android + iOS MetaMask mobile app.
• Sites used: a test DEX UI, an NFT marketplace demo, and a localhost dApp I run on a local RPC.
• Actions: connect, disconnect, create a token allowance, then disconnect and confirm allowance persisted on-chain.

To reproduce: run a local webpage that calls ethereum.request({ method: 'eth_requestAccounts' }), then follow the extension/mobile steps above to see the prompt and then inspect Connected sites.

FAQ

Q: Is it safe to keep crypto in a hot wallet? A: Hot wallets trade security for convenience. Keep only what you use day-to-day in a hot wallet. Store long-term holdings in cold storage or a hardware wallet.

Q: How do I revoke token approvals? A: Disconnecting is not enough. Use an allowance-revoke tool or follow the step-by-step at token-approvals-and-revoke.

Q: What happens if I lose my phone? A: If you have your seed phrase, you can restore your wallet on a new device. See backup-and-recovery-seed-phrase and lost-phone-reset-recovery.

Conclusion and next steps

Checking connected sites MetaMask and disconnecting when you’re done is a small habit that reduces exposure. I believe a few minutes a week is worth it. Want deeper guidance? Read the walkthrough on connect-metamask-to-dapps, the guide for connected-sites-mobile, and the token safety tips at transaction-simulation-and-safety. For a focused walk-through on revoking allowances, open token-approvals-and-revoke.

If you only remember one thing: disconnect sites you no longer use, and revoke approvals you don't recognize. Simple. Effective. And it keeps your on-chain footprint smaller.