10 Tags to Remove for Cleaning a WordPress Business Website's Head

Here's 10 tags to remove for cleaning a WordPress business website's head.

These ten WordPress actions are injected into the head section of your website by default. WordPress puts them there without ever asking if you want them there. Sometimes – like if you're operating a blog website – some of these tags may be useful.

However, other times – like if you're running a for profit business's website – these tags can amount to a security risk. Allowing anyone who looks at the source code of your website to immediately identify that the website is using WP as its content management system is bad because it gives malicious people a place to start their malicious activities, as well as significantly narrows the scope of how they may choose to negatively impact your website. Obscuring the fact you're using WordPress helps keep your website safer than if you're airing out your technology for all to see.

Another reason to disguise your WordPress website as just another website is to keep your content safer. Removing links to RSS feeds, JSON APIs, and linked pages helps keep visitors browsing in the moment (i.e. on the current page) and slows them down from snooping around or hot-linking your copyrighted content. If you don't know a website has an RSS feed or a publicly accessible JSON API then you're much less likely to go looking for it or linking to it.

Aside from security and obscurity, a third and simple reason to remove these ten WordPress tags from the head of your website is, so there's less code on the page. These ten actions may not remove code that are directly causing slower web pages, but less code is less code – and less code means less to load. Also, some services that actually use some of the META data typically found in a website's head can't find the code they need when the code they're looking for is pushed down too far due to lots of unneeded code (like the code you can remove by disabling these ten WordPress actions) being layered on top and above it.

In my opinion, security alone is enough beneficial reason to clean your WordPress website's code up and remove any reference to the fact that the site is built with WordPress.

Here's ten actions you can remove from WordPress to help clean up and safeguard your WP-built website.

remove_action( 'wp_head', 'wp_generator'); // Remove 'wordpress generator v.x.x.x' tag from WP head
remove_action( 'wp_head', 'feed_links_extra', 3 ); // Displays the links to the extra feeds such as category feeds
remove_action( 'wp_head', 'feed_links', 2 ); // Displays the links to the general feeds: Post and Comment Feed
remove_action( 'wp_head', 'rsd_link' ); // Displays the link to the Really Simple Discovery service endpoint, EditURI link
remove_action( 'wp_head', 'wlwmanifest_link' ); // Displays the link to the Windows Live Writer manifest file.
remove_action( 'wp_head', 'index_rel_link' ); // index link
remove_action( 'wp_head', 'parent_post_rel_link', 10, 0 ); // prev link
remove_action( 'wp_head', 'start_post_rel_link', 10, 0 ); // start link
remove_action( 'wp_head', 'adjacent_posts_rel_link', 10, 0 ); // Display relational links for the posts adjacent to the current post.
remove_action( 'wp_head', 'rest_output_link_wp_head' );

Copy and paste the code above directly into your WordPress theme's function.php file and the rest takes care of itself.