Header Junk Remover

Header Junk Remover is a lightweight, no-settings plugin that cleans up the <head> section and headers of your WordPress site.

It removes outdated tags, redundant links, bloated scripts, and unnecessary headers that WordPress adds by default. The result: cleaner source code, faster page loads, less information leakage, and fewer HTTP requests.

What gets removed (and why it matters):

• RSD Link remove_action(‘wp_head’, ‘rsd_link’); Used for Really Simple Discovery (old remote editing). Not needed anymore.

• WordPress Generator remove_action(‘wp_head’, ‘wp_generator’); Hides your WP version. Avoids advertising it to bots/hackers.

• Feed Links remove_action(‘wp_head’, ‘feed_links’, 2); remove_action(‘wp_head’, ‘feed_links_extra’, 3); Removes auto-added RSS/Atom feed links. If you don’t use feeds, these are pointless.

• Relational Links (index, start, parent, adjacent posts) remove_action(‘wp_head’, ‘index_rel_link’); remove_action(‘wp_head’, ‘start_post_rel_link’, 10, 0); remove_action(‘wp_head’, ‘parent_post_rel_link’, 10, 0); remove_action(‘wp_head’, ‘adjacent_posts_rel_link’, 10, 0); remove_action(‘wp_head’, ‘adjacent_posts_rel_link_wp_head’, 10, 0); Removes old “previous/next” link metadata almost no browsers or crawlers use.

• Windows Live Writer Manifest remove_action(‘wp_head’, ‘wlwmanifest_link’); Dead tool support. Safe to remove.

• Shortlink Tags/Headers remove_action(‘wp_head’, ‘wp_shortlink_wp_head’, 10, 0); remove_action(‘template_redirect’, ‘wp_shortlink_header’, 11); Shortlink system is obsolete. Removing reduces clutter.

• REST API Discovery Link remove_action(‘wp_head’, ‘rest_output_link_wp_head’, 10); REST API still works, but no longer broadcast in headers.

• oEmbed Discovery + Scripts remove_action(‘wp_head’, ‘wp_oembed_add_discovery_links’, 10); remove_action(‘wp_head’, ‘wp_oembed_add_host_js’); Prevents WordPress from advertising oEmbed endpoints and loading extra JS.

• Resource Hints (dns-prefetch, preconnect) remove_action(‘wp_head’, ‘wp_resource_hints’, 2); Stops WP from auto-inserting DNS hints you may not control.

• Emoji Scripts and Styles remove_action(‘wp_head’, ‘print_emoji_detection_script’, 7); remove_action(‘wp_print_styles’, ‘print_emoji_styles’); Removes redundant emoji JS/CSS. Browsers already handle emojis natively.

• Global Styles (Block Editor/Gutenberg) remove_action(‘wp_head’, ‘wp_enqueue_global_styles’, 1); Prevents WP from injecting default CSS that bloats your source.

Extra Hardening:

• Disable XML-RPC add_filter(‘xmlrpc_enabled’, ‘__return_false’); Blocks XML-RPC protocol (commonly abused in brute force/DDoS attacks).

• Remove X-Pingback Header add_filter(‘wp_headers’, function($headers) { unset($headers[‘X-Pingback’]); return $headers; }); Stops WP from advertising its pingback URL.

• Turn off PHP Exposure (optional) @ini_set(‘expose_php’, ‘off’); Prevents PHP version disclosure in server headers.

Why this matters:

• Less clutter in your <head>
• Fewer HTTP requests and faster load times
• Less information leakage for bots/hackers
• Cleaner source code when you “View Source”
• Safer defaults without touching your theme files

If you find this plugin useful, consider supporting my work: 👉 Buy Me a Coffee