WordPress auto generates a whole lot of unnecessary tags/elements that can not only slow down your website but also in some cases cause security issues. For instance, the WP Generator header tag gives away the current version of your WordPress site which is definitely not something that you want to reveal.
WordPress actually inserts quite a bit of code into your site header, a lot of which is not even needed for your site and may be beneficial to remove.
WordPress inserts the code into your site head tag via a function name add_action which is used to run functions at specific points (hooks). So to remove the code you will need to use the opposite remove_action function.
Everything we will talk about involves editing one file, the functions.php file, which is included inside every theme folder, on the path /wp-content/themes/your_theme/functions.php.
You can use a plugin such as Code Snippet to add the php code to your theme functions.php file. This allows easy code insertion without meddling with the php file itself.
Or you can also use this WP clean header plugin for ease of mind.
Remove WordPress Generator and Version Number
This element is what displays your WordPress version number in your header.
<meta name=”generator” content=”WordPress 6.8.1″>
No one really needs to know the exact version of WordPress you’re using, so it’s safe to remove them.
Add these lines of codes, the first line will remove the version from your pages head, the second line will remove the version from RSS feeds.
remove_action('wp_head', 'wp_generator');
add_filter( 'the_generator', '__return_null' );Remove RSS Feed
This are the elements that you see in your header.
<link rel=”alternate” type=”application/rss+xml” title=”worldbuilding.site » Feed” href=”https://yourdomain.com/feed/”>
<link rel=”alternate” type=”application/rss+xml” title=”worldbuilding.site » Comments Feed” href=”https://yourdomain.com/comments/feed/”>
Do you know what an RSS feed is? If not, it is safe to remove the RSS links that WordPress generates.
remove_action('wp_head', 'feed_links', 2);
remove_action('wp_head', 'feed_links_extra', 3);Really Simple Discovery (RSD)
This is the element that displays in your header:
<link rel=”EditURI” type=”application/rsd+xml” title=”RSD” href=”https://yourdomain.com/xmlrpc.php?rsd”>
This is the discover mechanism used by XML-RPC clients. If you don’t know what all this means, and/or don’t integrate services like Flickr with your WordPress site, it’s probably safe to remove it with the following code in your theme’s functions file.
remove_action('wp_head', 'rsd_link');Disable JSON REST API link tag
This link tag is added to all front-end pages:
<link rel=”https://api.w.org/” href=”https://yourdomain.com/wp-json/”>
<link rel=”alternate” title=”JSON” type=”application/json” href=”https://yourdomain.com/wp-json/wp/v2/posts/83″>
This markup can be disabled by adding the following code:
remove_action('wp_head', 'rest_output_link_wp_head', 10);Disable oEmbed Discovery Links
<link rel=”alternate” title=”oEmbed (JSON)” type=”application/json+oembed” href=”https://yourdomain.com/wp-json/oembed/1.0/embed?url=post%name%link”>
<link rel=”alternate” title=”oEmbed (XML)” type=”text/xml+oembed” href=”https://yourdomain.com/wp-json/oembed/1.0/embed?url=post%name%link&format=xml”>
remove_action( 'wp_head', 'wp_oembed_add_discovery_links', 10 );Remove shortlink from <head>
The element in the header looks like this:
<link rel=’shortlink’ href=’http://yourdomain.com/?p=1178′ />
WordPress creates a shortlink for all your posts & pages. By default, they use the post ID to create a link with as few characters as possible. This can be useful when sharing on social media sites that put limits on how many characters you can use (ex: Twitter limits to 140 characters).
You can always use this link yourself, even if that line is removed from your <head> section. I can’t think of a good reason you’d want to include that in your <head>.
To remove the shortlink, add the following code.
remove_action('wp_head', 'wp_shortlink_wp_head', 10, 0);Post Relational Links
Post relational links are why these elements is displayed on various pages header.
<link rel=’index’ title=’Main Page’ href=’http://www.example.com’ />
<link rel=’prev’ title=’The Post Before This One’ href=’http://www.example.com/post-before/’ />
<link rel=’next’ title=’The Post After This One’ href=’http://www.example.com/post-after/’ />
I have yet to find an actual reason to keep these around. Some browsers may use this code to navigate your site, although you can probably get the same effect from a well designed theme.
You can remove this information from the <head>, and all of your previous/next links on your site still function as you’d expect them. I can’t think of a good reason to include these in the <head>.
You’ll need these lines of code to remove them:
remove_action('wp_head', 'index_rel_link');
remove_action('wp_head', 'adjacent_posts_rel_link');WordPress Emoji
Since version 4.2, WordPress added support for emojis for older browsers that don’t know how to render them appropriately. However, version 4.2 was released in 2015, which means that it is almost guaranteed that you won’t need such support anymore, as almost everybody is using a modern browser.
WordPress makes your visitors to load an extra JavaScript file to your site (wp-emoji-release.min.js). <script> window._wpemojiSettings
To disable it, add the following codes:
/* Disable emoji */
remove_action( 'wp_head', 'print_emoji_detection_script', 7 );
remove_action( 'wp_print_styles', 'print_emoji_styles' );
remove_action( 'admin_print_scripts', 'print_emoji_detection_script' );
remove_action( 'admin_print_styles', 'print_emoji_styles' );
/* disable emoji s.w.org DNS prefetch */
add_filter('wp_resource_hints', function (array $urls, string $relation): array {
if ($relation !== 'dns-prefetch') {
return $urls;
}
$urls = array_filter($urls, function (string $url): bool {
return strpos($url, 's.w.org') === false;
});
return $urls;
}, 10, 2);Depreciated
First Post Title
<link rel=’start’ title=’Title of First Post’ href=’http://yourdomain.com/first-post/’ />
It was deprecated in version 3.3. If you’re using version 3.3 or higher, no need to worry. It should not be present on your site.
Windows Live Writer
<link rel=”wlwmanifest” type=”application/wlwmanifest+xml” href=”http://example.com/wp-includes/wlwmanifest.xml”
Windows Live Writer was a discontinued desktop blog-publishing application that was part of the Windows Live suite by Microsoft.
wlwmanifest_link is deprecated in WordPress 6.3.0 as of August 2023 and no longer included in core so you probably don’t have to add any code to remove action of wlwmanifest anymore.