Header Junk Remover is a lightweight, no-settings plugin that cleans up the section and headers of your WordPress site.
It removes outdated tags, redundant links, bloated scripts, and unnecessary headers that WordPress adds by default. The result: cleaner source code, faster page loads, less information leakage, and fewer HTTP requests.
What gets removed (and why it matters):
-
RSD Link
remove_action(『wp_head』, 『rsd_link』);
Used for Really Simple Discovery (old remote editing). Not needed anymore. -
WordPress Generator
remove_action(『wp_head』, 『wp_generator』);
Hides your WP version. Avoids advertising it to bots/hackers. -
Feed Links
remove_action(『wp_head』, 『feed_links』, 2);
remove_action(『wp_head』, 『feed_links_extra』, 3);
Removes auto-added RSS/Atom feed links. If you don』t use feeds, these are pointless. -
Relational Links (index, start, parent, adjacent posts)
remove_action(『wp_head』, 『index_rel_link』);
remove_action(『wp_head』, 『start_post_rel_link』, 10, 0);
remove_action(『wp_head』, 『parent_post_rel_link』, 10, 0);
remove_action(『wp_head』, 『adjacent_posts_rel_link』, 10, 0);
remove_action(『wp_head』, 『adjacent_posts_rel_link_wp_head』, 10, 0);
Removes old 「previous/next」 link metadata almost no browsers or crawlers use. -
Windows Live Writer Manifest
remove_action(『wp_head』, 『wlwmanifest_link』);
Dead tool support. Safe to remove. -
Shortlink Tags/Headers
remove_action(『wp_head』, 『wp_shortlink_wp_head』, 10, 0);
remove_action(『template_redirect』, 『wp_shortlink_header』, 11);
Shortlink system is obsolete. Removing reduces clutter. -
REST API Discovery Link
remove_action(『wp_head』, 『rest_output_link_wp_head』, 10);
REST API still works, but no longer broadcast in headers. -
oEmbed Discovery + Scripts
remove_action(『wp_head』, 『wp_oembed_add_discovery_links』, 10);
remove_action(『wp_head』, 『wp_oembed_add_host_js』);
Prevents WordPress from advertising oEmbed endpoints and loading extra JS. -
Resource Hints (dns-prefetch, preconnect)
remove_action(『wp_head』, 『wp_resource_hints』, 2);
Stops WP from auto-inserting DNS hints you may not control. -
Emoji Scripts and Styles
remove_action(『wp_head』, 『print_emoji_detection_script』, 7);
remove_action(『wp_print_styles』, 『print_emoji_styles』);
Removes redundant emoji JS/CSS. Browsers already handle emojis natively. -
Global Styles (Block Editor/Gutenberg)
remove_action(『wp_head』, 『wp_enqueue_global_styles』, 1);
Prevents WP from injecting default CSS that bloats your source.
Extra Hardening:
-
Disable XML-RPC
add_filter(『xmlrpc_enabled』, 『__return_false』);
Blocks XML-RPC protocol (commonly abused in brute force/DDoS attacks). -
Remove X-Pingback Header
add_filter(『wp_headers』, function($headers) { unset($headers[『X-Pingback』]); return $headers; });
Stops WP from advertising its pingback URL. -
Turn off PHP Exposure (optional)
@ini_set(『expose_php』, 『off』);
Prevents PHP version disclosure in server headers.
Why this matters:
- Less clutter in your
- Fewer HTTP requests and faster load times
- Less information leakage for bots/hackers
- Cleaner source code when you 「View Source」
- Safer defaults without touching your theme files
If you find this plugin useful, consider supporting my work:
👉 Buy Me a Coffee
