How to hide WordPress

Alongside the functionality we provide with minification and replacing the WordPress default paths, we implemented some additional features to disable certain WordPress functions that aren't needed in a static WordPress setup.

How to set it up

Move to Simply Static -> Settings -> Optimize -> Hide in your admin area.

You will see a list of settings that can be enabled or disabled to disable and hide certain WordPress features.

Hide

We start with the "Hide" section of the settings. Enabling the toggle will remove the feature from your static site's generated HTML. We now go over each setting and briefly explain what this feature is used for in WordPress and why you don't need it on your static site.

Hide REST API URLs

The URL to the WordPress Rest API is exposed within your website's HTML, and for good reason—it needs to be available to perform actions via API and JavaScript on the front end.

However, with Simply Static, we settled on using webhooks instead for all the dynamic parts, so you don't need that anymore when going static.

Hide Style/Script IDs

This will remove the IDs from assets to avoid unnecessary versioning/cache busting when going static. You want to embed your scripts in a permanent way to increase your website's cache rate as much as possible for improved performance.

Hide HTML Comments

Remove the comments dynamically added to the HTML output to hide the fact that you are using certain plugins, like Yoast SEO.

Hide WordPress version

Removes the current WordPress version from the HTML output.

Hide WordPress Generator Meta

This removes meta fields inside of your code referencing WordPress specifics. This will not touch SEO-related meta fields like description, title, or keywords.

Hide DNS Prefetch WordPress Link

WordPress provides a pretty basic integration to prefetch URLs while hovering over a link. While the idea behind it is great, it doesn't work very well for most scenarios.

Hide RSD Header

RSD means Real Simple Discovery - a protocol aimed to ease collaboration through comments and pingbacks back in the day - now it's a common target for hackers to add spam comments and fake pingbacks.

Hide Emojis

This removes the code that embeds emoji support in WordPress.

Disable

The disable section provides features to completely remove certain functionality from WordPress that makes no sense in a static WordPress environment.

It's not only hiding or removing JavaScript code from the website; it completely disables features via PHP.

XML-RPC

Before the Rest API was introduced, WordPress relied on the XML-RPC API to allow interactions from the outside. Because of backward compatibility, it's still part of the core but no longer used in the latest versions.

Embed Scripts

These are the scripts used to embed Twitter or Youtube (or one of the other services) into your website - including auto-formatting and styling.

DB Debug in Frontend

This makes sure you are not outputting any debugging messages on the frontend of your website.

WLW Manifest Scripts

WLW, or Windows Live Writer application, was (it's discontinued) a service similar to XML sitemaps but for Bing. It is no longer used in WordPress but is still there for backward compatibility.