add_action('wp_enqueue_scripts', 'ec_disable_dashicons');
function ec_disable_dashicons(){
if(!is_user_logged_in()) {
wp_dequeue_style('dashicons');
wp_deregister_style('dashicons');
}
}
They are smileys used on the Internet. If you don’t use it, Emojis script (wp-emoji-release.min.js) in WordPress creates an extra request, which adds to total page load time, and slows down your WordPress site. Professional website never use it.
add_action( 'init', 'ec_emoji_scripts' );
function ec_emoji_scripts() {
remove_action( 'wp_head', 'print_emoji_detection_script', 7 );
remove_action( 'admin_print_scripts', 'print_emoji_detection_script' );
remove_action( 'wp_print_styles', 'print_emoji_styles' );
remove_action( 'admin_print_styles', 'print_emoji_styles' );
remove_filter( 'the_content_feed', 'wp_staticize_emoji' );
remove_filter( 'comment_text_rss', 'wp_staticize_emoji' );
remove_filter( 'wp_mail', 'wp_staticize_emoji_for_email' );
add_filter('tiny_mce_plugins', function ($plugins) {
if (is_array($plugins)) {
return array_diff($plugins, array('wpemoji'));
} else {
return array();
}
});
add_filter('wp_resource_hints', function ($urls, $relation_type) {
if ('dns-prefetch' === $relation_type) {
$emoji_svg_url = apply_filters('emoji_svg_url', 'https://s.w.org/images/core/emoji/2/svg/');
$urls = array_diff($urls, array($emoji_svg_url));
}
return $urls;
}, 10, 2);
}
WordPress site now to load the wp-embed.min.js file. And this loads on every single page.
The request itself is sometimes a bigger deal than the content download size.
add_action('init', 'ec_disable_embeds', 9999);
function ec_disable_embeds(){
global $wp;
$wp->public_query_vars = array_diff($wp->public_query_vars, array('embed'));
add_filter('embed_oembed_discover', '__return_false');
remove_filter('oembed_dataparse', 'wp_filter_oembed_result', 10);
remove_action('wp_head', 'wp_oembed_add_discovery_links');
remove_action('wp_head', 'wp_oembed_add_host_js');
add_filter('tiny_mce_plugins', function( $plugins ) {
return array_diff($plugins, array('wpembed'));
});
add_filter('rewrite_rules_array', function($rules) {
foreach($rules as $rule => $rewrite) {
if(false !== strpos($rewrite, 'embed=true')) {
unset($rules[$rule]);
}
}
return $rules;
});
remove_filter('pre_oembed_result', 'wp_filter_pre_oembed_result', 10);
}
Introduced in recent versions of WooCommerce and WordPress, there is an integrated Password Strength Meter which forces users to use strong passwords.
It loads below file password-strength-meter.min.js zxcvbn.min.js
add_action('wp_print_scripts', function(){
if( is_admin() ) {
return;
}
if( ( isset($GLOBALS['pagenow']) && $GLOBALS['pagenow'] === 'wp-login.php' ) || ( isset($_GET['action']) && in_array($_GET['action'], array('register','rp', 'lostpassword' )) ) ) {
return;
}
if( class_exists('WooCommerce') && (is_account_page() || is_checkout()) ) {
return;
}
wp_dequeue_script('password-strength-meter');
wp_deregister_script('password-strength-meter');
wp_dequeue_script('wc-password-strength-meter');
wp_deregister_script('wc-password-strength-meter');
wp_dequeue_script('zxcvbn-async');
wp_deregister_script('zxcvbn-async');
}, 100);
Display the link to the Really Simple Discovery service endpoint. For more info https://developer.wordpress.org/reference/functions/rsd_link/
remove_action('wp_head', 'rsd_link');
Shortlink is nothing but the shorter version of the post or page URL.
function ec_remove_shortlink() {
remove_action('wp_head', 'wp_shortlink_wp_head', 10);
remove_action( 'template_redirect', 'wp_shortlink_header', 11);
}
add_filter('after_setup_theme', 'ec_remove_shortlink');
WordPress automatically adds a wlwmanifest link to your site header for Windows Live Writer support. This is a link tag with a reference to your site's wlwmanifest.xml file: Like. <link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://ecaddons.com/wp-includes/wlwmanifest.xml" />
remove_action('wp_head', 'wlwmanifest_link');
RSS (RDF Site Summary or Really Simple Syndication) is a web feed that allows users and applications to access updates to websites in a standardized, computer.
function ec_disable_rss() {
wp_die( __( 'No feed available, please visit the homepage!' ) );
}
add_action('do_feed', 'ec_disable_rss', 1);
add_action('do_feed_rdf', 'ec_disable_rss', 1);
add_action('do_feed_rss', 'ec_disable_rss', 1);
add_action('do_feed_rss2', 'ec_disable_rss', 1);
add_action('do_feed_atom', 'ec_disable_rss', 1);
add_action('do_feed_rss2_comments', 'ec_disable_rss', 1);
add_action('do_feed_atom_comments', 'ec_disable_rss', 1);
remove_action('wp_head', 'wlwmanifest_link');
need few line of code in function.php
add_action( 'feed_links_show_posts_feed', '__return_false', - 1 );
add_action( 'feed_links_show_comments_feed', '__return_false', - 1 );
remove_action( 'wp_head', 'feed_links', 2 );
remove_action( 'wp_head', 'feed_links_extra', 3 );
Trackbacks and Pings or Self Pingbacks allow blogs to notify each other that they have linked to a post. However, today it is mainly used by spammers to send trackbacks from spam websites.
function ec_disable_self_pingbacks( &$links ) {
foreach ( $links as $l => $link )
if ( 0 === strpos( $link, get_option( 'home' ) ) )
unset($links[$l]);
}
add_action( 'pre_ping', 'ec_disable_self_pingbacks' );
# Block WordPress xmlrpc.php requests
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
Trackbacks and Pings or Self Pingbacks allow blogs to notify each other that they have linked to a post. However, today it is mainly used by spammers to send trackbacks from spam websites.
XML-RPC for WordPress was designed to enable remote connections between your site and external applications. WHY SHOULD I DISABLE XML-RPC? There are security risks associated with leaving XML-RPC enabled. These can include: Brute Force Attacks and DDoS Attack
add_filter('xmlrpc_enabled', '__return_false');
add_filter('wp_headers', 'removeXPingback');
add_filter('pings_open', '__return_false', 9999);
function removeXPingback($headers) {
unset($headers['X-Pingback'], $headers['x-pingback']);
return $headers;
}
# Block WordPress xmlrpc.php requests
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
You can replace xxx.xxx.xxx.xxx with an IP address you wish to give access to xmlrpc.php. If you wish to remove access completely, you can simply remove this line.
By default, WordPress leaves its footprints on your site for the sake of tracking. In sometimes this footprint might be a security leak on your site if you are not running the most updated version of WordPress.
remove_action('wp_head', 'wp_generator');
add_filter('the_generator', function(){
return '';
});
That's all, I hope it helped you in your WordPress site.If you have liked this post, please share it, and don't forget to share your thoughts.