8 Smart Tweaks for a Better WordPress Blog

According to Forbes, a whopping 30,000 websites are hacked on a daily basis thanks to their bad hosting practices. Even as the team at WordPress is constantly hard at work to strengthen the security of their software, it makes a lot of sense to optimize it further for added security. If you’re launching a self-hosted WordPress site anytime soon, be sure to check out the following tweaks to make your installation secure.

Building a self-hosted WordPress website is easy but, as a WordPress developer, you should know how to make your installation safe and secure so you can protect it from potential hackers. Even as the team at WordPress is constantly hard at work to strengthen the security of their software, it makes a lot of sense to optimize it further for added security. Similarly, WordPress ships with a few features that are rather unnecessary.

The following coding snippets in the functions.php file of your theme will help you experience better WordPress.

Remove Meta Tags from WordPress Header

Hackers always look for WordPress blogs and sites that are running on older software or less secure versions. It’s easy for them to look at the HTML source code of your website and find which version of WordPress your website is running on. The default WordPress installation carries the following meta tags in its header, which tells the hacker if your website is running on an older version of WordPress software.

<meta name=”generator” content=”WordPress 4.1″ />

Add the following lines of code to your functions.php file of theme folder and remove the meta tags from WordPress header.

remove_action( ‘wp_head’, ‘wp_generator’ ) ;
remove_action( ‘wp_head’, ‘wlwmanifest_link’ ) ;
remove_action( ‘wp_head’, ‘rsd_link’ ) ;

Disable HTML in WordPress Comments

The default WordPress installation allows visitors to use HTML tags in the comment section. Even though these comments have rel=nofollow attribute enabled on default, it’s still safe to completely disallow HTML in the comment box. Use the following code to your functions.php in order to disallow HTML tags in the comment box .

add_filter( ‘pre_comment_content’, ‘esc_html’ );

Remove Excessive RSS Feeds

The WordPress installation generate multiples RSS feeds including blog feed, article feeds, comments feed, category feeds, archive feeds. Since these feeds are included in the HTML header of your blog pages, they are auto-discoverable.

If you want to remove other feeds from and keep your main RSS feed, add the following code to your functions.php file.

remove_action( ‘wp_head’, ‘feed_links’, 2 );
remove_action( ‘wp_head’, ‘feed_links_extra’, 3 );

Prevent WordPress from Guessing URLs

WordPress tends to guess URLs and does a shoddy job at that. For example, if someone types topleaguetech.com/hello and it’s not found, WordPress will redirect the user to topleaguetech.com/hello-world simply because the URLs have similar words in common even though they are contextually irrelevant.

Ideally, you want WordPress to throw a 404 Not Found error if a particular request is unavailable within your blog.

Use the following code on your functions.php file to enable WordPress to throw 404 Not Found errors whenever a requested URL is unavailable.

add_filter(‘redirect_canonical’, ‘stop_guessing’);
function stop_guessing($url) {
if (is_404()) {
return false;
return $url;

Get Rid of Admin Bar

Admin Bar is one of the default features on WordPress and it can be pretty annoying for some users when they are logged in to their WordPress.com account.

To remove the admin bar, add the following code to your functions.php file.

add_filter(‘show_admin_bar’, ‘__return_false’);

Add Brand Logo to RSS Feed

If you want to add a little branding to your RSS Feed by inserting an image logo to your articles, use the following snippet to your functions.php file.

function add_rss_logo($content) {
if(is_feed()) {
$content .= “<hr><a href=’blog_url’><img src=’logo_url’/></a>”;
return $content;
add_filter(‘the_content’, ‘add_rss_logo’);
add_filter(‘the_excerpt_rss’, ‘add_rss_logo’);

Chuck out WordPress Emojis

WordPress has recently added Emoji feature to enable users to use Emojis easily. If you don’t want to use emjois or emoctions, you might as well get rid of the additional files by using the following code in your functions.php file.

remove_action( ‘wp_head’, ‘print_emoji_detection_script’, 7 );
remove_action( ‘admin_print_scripts’, ‘print_emoji_detection_script’ );

About Susanta Sahoo

I'm the founder and content marketing head at Top League. Our team can help you build great content that helps you rank high on Google and generate high-quality leads. Get in touch with us and let's discuss your project. I'm on LinkedIn & Twitter, just so you know.