martes, 1 de diciembre de 2009

Strip wp_head in Wordpress

The wp_head() call in the header of most themes is an invitation for Wordpress to start inserting code into your nice tidy head.

However, we are of the opinon that if you don't need it, get rid of it. If you view the source of this site, you will see that we have removed the rsd link, the wml manifest link and the generator link. We're not using them, so we don't need them.

In addition, many Wordpress security blogs recommend removing the generator tag as it reveals the version of Wordpress you are using. So, say the good people at Wordpress discover a major security flaw in version 2.6 and you haven't upgraded to 2.7 yet, anyone with a knowledge of the flaw knows that your site is vulnerable.

So, how do we remove these pesky tags? Simply add the following to your themes functions.php file:


function striphead() {
remove_action('wp_head', 'rsd_link');
remove_action('wp_head', 'wlwmanifest_link');
add_filter('the_generator', 'no_generator');
}
function no_generator() {
return '';
}
add_action('init', 'striphead');

No hay comentarios:

Publicar un comentario