Header Junk Remover

Header Junk Remover is a lightweight, no-settings plugin that cleans up the section and headers of your WordPress site.

It removes outdated tags, redundant links, bloated scripts, and unnecessary headers that WordPress adds by default. The result: cleaner source code, faster page loads, less information leakage, and fewer HTTP requests.

What gets removed (and why it matters):

• RSD Link
  remove_action(‘wp_head’, ‘rsd_link’);
  Used for Really Simple Discovery (old remote editing). Not needed anymore.

• WordPress Generator
  remove_action(‘wp_head’, ‘wp_generator’);
  Hides your WP version. Avoids advertising it to bots/hackers.

• Feed Links
  remove_action(‘wp_head’, ‘feed_links’, 2);
  remove_action(‘wp_head’, ‘feed_links_extra’, 3);
  Removes auto-added RSS/Atom feed links. If you don’t use feeds, these are pointless.

• Relational Links (index, start, parent, adjacent posts)
  remove_action(‘wp_head’, ‘index_rel_link’);
  remove_action(‘wp_head’, ‘start_post_rel_link’, 10, 0);
  remove_action(‘wp_head’, ‘parent_post_rel_link’, 10, 0);
  remove_action(‘wp_head’, ‘adjacent_posts_rel_link’, 10, 0);
  remove_action(‘wp_head’, ‘adjacent_posts_rel_link_wp_head’, 10, 0);
  Removes old “previous/next” link metadata almost no browsers or crawlers use.

• Windows Live Writer Manifest
  remove_action(‘wp_head’, ‘wlwmanifest_link’);
  Dead tool support. Safe to remove.

• Shortlink Tags/Headers
  remove_action(‘wp_head’, ‘wp_shortlink_wp_head’, 10, 0);
  remove_action(‘template_redirect’, ‘wp_shortlink_header’, 11);
  Shortlink system is obsolete. Removing reduces clutter.

• REST API Discovery Link
  remove_action(‘wp_head’, ‘rest_output_link_wp_head’, 10);
  REST API still works, but no longer broadcast in headers.

• oEmbed Discovery + Scripts
  remove_action(‘wp_head’, ‘wp_oembed_add_discovery_links’, 10);
  remove_action(‘wp_head’, ‘wp_oembed_add_host_js’);
  Prevents WordPress from advertising oEmbed endpoints and loading extra JS.

• Resource Hints (dns-prefetch, preconnect)
  remove_action(‘wp_head’, ‘wp_resource_hints’, 2);
  Stops WP from auto-inserting DNS hints you may not control.

• Emoji Scripts and Styles
  remove_action(‘wp_head’, ‘print_emoji_detection_script’, 7);
  remove_action(‘wp_print_styles’, ‘print_emoji_styles’);
  Removes redundant emoji JS/CSS. Browsers already handle emojis natively.

• Global Styles (Block Editor/Gutenberg)
  remove_action(‘wp_head’, ‘wp_enqueue_global_styles’, 1);
  Prevents WP from injecting default CSS that bloats your source.

Extra Hardening:

• Disable XML-RPC
  add_filter(‘xmlrpc_enabled’, ‘__return_false’);
  Blocks XML-RPC protocol (commonly abused in brute force/DDoS attacks).

• Remove X-Pingback Header
  add_filter(‘wp_headers’, function($headers) { unset($headers[‘X-Pingback’]); return $headers; });
  Stops WP from advertising its pingback URL.

• Turn off PHP Exposure (optional)
  @ini_set(‘expose_php’, ‘off’);
  Prevents PHP version disclosure in server headers.

Why this matters:

• Less clutter in your
• Fewer HTTP requests and faster load times
• Less information leakage for bots/hackers
• Cleaner source code when you “View Source”
• Safer defaults without touching your theme files

If you find this plugin useful, consider supporting my work:
👉 Buy Me a Coffee

1. Upload the plugin files to /wp-content/plugins/header-junk-remover, or install via the WordPress Plugins screen.
2. Activate the plugin.
3. Done — no settings required.

1.0.2

• Added support/donate link (Buy Me a Coffee).
• Documentation updated.

1.0.1

• Initial public release.
• Removed generator, RSD link, WLW manifest, shortlink, REST API link, emoji scripts/styles, relational links, oEmbed, resource hints, global styles.
• Added security hardening: disable XML-RPC, remove X-Pingback, disable PHP expose.