Building a self-hosted WordPress website is easy but, as a WordPress developer, you should know how to make your installation safe and secure so you can protect it from potential hackers. Even as the team at WordPress is constantly hard at work to strengthen the security of their software, it makes a lot of sense to optimize it further for added security. Similarly, WordPress ships with a few features that are rather unnecessary.
The following code snippets, added to the functions.php file of your theme, will help you get a better WordPress experience.
Remove Meta Tags from WordPress Header
Hackers always look for WordPress blogs and sites that are running on older or less secure versions of the software. It's easy for them to look at the HTML source code of your website and find out which version of WordPress it is running. The default WordPress installation puts the following meta tag in its header, which tells the hacker if your website is running on an older version of WordPress.
<meta name="generator" content="WordPress 4.1" />
Add the following lines of code to the functions.php file in your theme folder to remove the meta tags from the WordPress header.
// Unhook the generator, Windows Live Writer manifest and RSD tags from wp_head
remove_action( 'wp_head', 'wp_generator' );
remove_action( 'wp_head', 'wlwmanifest_link' );
remove_action( 'wp_head', 'rsd_link' );
Disable HTML in WordPress Comments
The default WordPress installation allows visitors to use HTML tags in the comment section. Even though links in these comments have the rel=nofollow attribute enabled by default, it's still safer to disallow HTML in the comment box completely. Add the following code to your functions.php file to disallow HTML tags in the comment box.
add_filter( 'pre_comment_content', 'esc_html' );
Remove Excessive RSS Feeds
A WordPress installation generates multiple RSS feeds, including the blog feed, article feeds, comments feed, category feeds and archive feeds. Since these feeds are included in the HTML header of your blog pages, they are auto-discoverable.
If you want to remove the other feeds and keep your main RSS feed, add the following code to your functions.php file.
remove_action( 'wp_head', 'feed_links', 2 );
remove_action( 'wp_head', 'feed_links_extra', 3 );
Prevent WordPress from Guessing URLs
WordPress tends to guess URLs and does a shoddy job at that. For example, if someone types topleaguetech.com/hello and it’s not found, WordPress will redirect the user to topleaguetech.com/hello-world simply because the URLs have similar words in common even though they are contextually irrelevant.
Ideally, you want WordPress to throw a 404 Not Found error if a particular request is unavailable within your blog.
Add the following code to your functions.php file so that WordPress throws a 404 Not Found error whenever a requested URL is unavailable.
add_filter( 'redirect_canonical', 'stop_guessing' );
// Cancel the canonical redirect when the request has already resolved to a 404
function stop_guessing( $url ) {
    if ( is_404() ) {
        return false;
    }
    return $url;
}
Get Rid of Admin Bar
Admin Bar is one of the default features on WordPress and it can be pretty annoying for some users when they are logged in to their WordPress.com account.
To remove the admin bar, add the following code to your functions.php file.
add_filter( 'show_admin_bar', '__return_false' );
Add Brand Logo to RSS Feed
If you want to add a little branding to your RSS feed by inserting an image logo into your articles, add the following snippet to your functions.php file.
// Replace blog_url and logo_url with your own URLs
function add_rss_logo( $content ) {
    // Only touch content that is being rendered for a feed
    if ( is_feed() ) {
        $content .= "<hr><a href='blog_url'><img src='logo_url'/></a>";
    }
    return $content;
}
add_filter( 'the_content', 'add_rss_logo' );
add_filter( 'the_excerpt_rss', 'add_rss_logo' );
Chuck out WordPress Emojis
WordPress has recently added an Emoji feature that lets users insert emojis easily. If you don't want to use emojis or emoticons, you might as well get rid of the additional files by using the following code in your functions.php file.
remove_action( 'wp_head', 'print_emoji_detection_script', 7 );
remove_action( 'admin_print_scripts', 'print_emoji_detection_script' );