Last Revised: October 2, 2021
Like most content management systems, WordPress clearly identifies itself and offers certain services that we will later use (or not). And usually this fact involves small elements that let you see information and decrease security.
This is why it is highly recommended to hide certain headers that appear in the <head>
(or other elements, such as feeds) of the page. There are a couple of dozens of codes that can be deleted if we do not want to have certain elements working.
Disable headers
<?php
/**
* Remove feeds and wordpress-specific content that is generated on the wp_head hook.
*
* @link https://developer.wordpress.org/reference/hooks/wp_head/
*/
add_action(
'init',
function () {
// Remove the Really Simple Discovery service link
remove_action( 'wp_head', 'rsd_link' );
// Remove the link to the Windows Live Writer manifest
remove_action( 'wp_head', 'wlwmanifest_link' );
// Remove the general feeds
remove_action( 'wp_head', 'feed_links', 2 );
// Remove the extra feeds, such as category feeds
remove_action( 'wp_head', 'feed_links_extra', 3 );
// Remove the displayed XHTML generator
remove_action( 'wp_head', 'wp_generator' );
// Remove the REST API link tag
remove_action( 'wp_head', 'rest_output_link_wp_head', 10 );
// Remove oEmbed discovery links.
remove_action( 'wp_head', 'wp_oembed_add_discovery_links', 10 );
// Remove rel next/prev links
remove_action( 'wp_head', 'adjacent_posts_rel_link', 10, 0 );
// Remove prefetch url
remove_action( 'wp_head', 'wp_resource_hints', 2 );
}
);
I recommend that if you want to know what each function is, analyze it with the WordPress Codex documentation. The actions commented on are because they are of old versions, in principle already obsolete.
Seguir con Seguridad para WordPress
Actual
- wp-config.php
- Security Keys
- Cookies
- Cabeceras inconvenientes
- Unificar CSS y JavaScript
- Ocultar la versión de WordPress
- Caché
- Carpetas por defecto
- Post instalación
- Edición de ficheros
- URL del sitio
- Servidores externos
- XML-RPC
- Acceso a wp-admin
- Actualizaciones automáticas
- Usuarios
- Limpieza de multimedia
- robots.txt
- Plantilla por defecto
- Emoji
- Subir ficheros sin filtro
About this document
This document is regulated by the EUPL v1.2 license, published in WP SysAdmin and created by Javier Casares. Please, if you use this content in your website, your presentation or any material you distribute, remember to mention this site or its author, and having to put the material you create under EUPL license.