WordPress adds several pieces of information to the <head>
section of your website. Often times, this information is useful, and sometimes necessary, for your site to work as intended. But some of the meta data provides information to robots scraping your site, as well as hackers trying to gather information about your site so they can hack into it.
Some of the information does not pose a direct security threat, but is simply extra code that is not needed. Removing this code won’t provide any huge page speed increases, or help you out in any drastic way, but for the sake of keeping your site as clean & lean as possible, we recommend you remove the items you don’t need.
This is part of our series on WordPress security. Learn how to secure your WordPress site from hackers & other threats.
Cleaning up the <head> section
Remove WordPress Version from <head>
The WordPress version you are currently running is displayed in the <head>
section of all the pages on your site. As the site admin, you should be aware of what version you are running, but you can see that from within the admin area. There is no reason (that I can think of) why you’d want your site visitors (and bots and potential hackers) to be able to see that information.
The security bugs that are exposed, and then quickly patched, are public information. If a hacker or robot scrapes your site, and figures out that you are running an older version of WordPress, they will now know what types of security vulnerabilities your site is exposed to. They can use this information to more easily gain access to your site.
The code in your <head>
looks like this:
<meta name="generator" content="WordPress 3.7.1" />
To remove the WordPress version, add the following code to your functions.php
file, or a custom plugin:
remove_action('wp_head', 'wp_generator');
Remove revslider generator <meta> tag
For those using the Slider Revolution plugin, you might see another generator <meta>
tag being output in your <head>
section:
<meta name="generator" content="Powered by Slider Revolution 5.1.5 - responsive, Mobile-Friendly Slider Plugin for WordPress with comfortable drag and drop interface." />
To remove the revslider <meta>
generator tag, simply add this to your functions.php
, or a custom functions plugin:
function remove_revslider_meta_tag() {
return '';
}
add_filter( 'revslider_meta_generator', 'remove_revslider_meta_tag' );
Remove wlwmanifest_link from <head>
The wlwmanifest_link
is only necessary if you are administering your site using Windows Live Writer. This is a third-party writing platform developed & maintained by Microsoft. If you only administer your site by logging into the WordPress Admin with a web browser, then you can safely remove this from your <head>
section.
The code in your <head>
looks like this:
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://yourdomain.com/wp-includes/wlwmanifest.xml" />
To remove the wlwmanifest_link
, add the following code to your functions.php
file, or a custom plugin:
remove_action('wp_head', 'wlwmanifest_link');
Remove rsd_link from <head>
“RSD” stands for Really Simple Discovery. It is a protocol used by various pieces of desktop software to connect to & access your WordPress site. Just like the wlwmanifest_link above, if you are only editing your site by logging into the WordPress Admin with a web browser, then you can safely remove this from your <head>
section.
The code in your <head>
looks like this:
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://yourdomain.com/xmlrpc.php?rsd" />
To remove the rsd_link
, add the following code to your functions.php
file, or a custom plugin:
remove_action('wp_head', 'rsd_link');
Remove shortlink from <head>
WordPress creates a shortlink for all your posts & pages. By default, they use the post ID to create a link with as few characters as possible. This can be useful when sharing on social media sites that put limits on how many characters you can use (ex: Twitter limits to 140 characters).
The code in your <head>
looks like this:
<link rel='shortlink' href='http://yourdomain.com/?p=1178' />
You can always use this link yourself, even if that line is removed from your <head>
section. I can’t think of a good reason you’d want to include that in your <head>
.
To remove the shortlink, add the following code to your functions.php
file, or a custom plugin:
remove_action('wp_head', 'wp_shortlink_wp_head', 10, 0);
Remove previous/next post links from <head>
When you’re viewing a single post on your site, WordPress adds previous & next post link information to the <head>
section of the page. You can remove this information from the <head>
, and all of your previous/next links on your site still function as you’d expect them. I can’t think of a good reason to include these links in the code.
The code in your <head>
looks like this:
<link rel='prev' title='Title of Previous Post' href='http://yourdomain.com/?p=1176' />
<link rel='next' title='Title of Next Post' href='http://yourdomain.com/?p=1178' />
To remove the previous/next post links, add the following code to your functions.php
file, or a custom plugin:
remove_action('wp_head', 'adjacent_posts_rel_link_wp_head', 10, 0);
You might also have a line that looks like this:
<link rel='start' title='Title of First Post' href='http://yourdomain.com/first-post/' />
This is similar to the previous/next links above, but it was deprecated in version 3.3. If you’re using version 3.3 or higher, no need to worry. It should not be present on your site. For WordPress versions before 3.3, add the following line to your functions.php
(or a custom plugin) to remove it:
remove_action('wp_head', 'start_post_rel_link', 10, 0);
That will remove all the completely unnecessary items from the <head>
section. There are other ways to customize the output in your <head>
section, but we’ll cover those in another article.
We Recommend
https://kinsta.com › wordpress-hosting
Fast and secure infrastructure, worldwide CDN, edge caching, 35 data centers, and enterprise-level features included in all plans. Free site migrations.
https://gravityforms.com › features
Create custom web forms to capture leads, collect payments, automate your workflows, and build your business online. All without ever leaving WordPress.
Leave a Comment