Hide WP
What you need: Simply Static Pro
Simply Static can rename WordPress's default paths and strip out the little fingerprints that reveal a site is built on WordPress. You'll find it all under Simply Static > Hide WP, organized into three sections: Replace, Hide, and Disable.
One honest note up front: these options mostly make your static output look cleaner and remove the obvious "this is WordPress" signals. They are not a security measure on their own.
Replace
Rename the default WordPress directories and URLs in your static output.

- WP-content directory: the folder that holds your plugins, themes, and uploads. Rename it to something like
content. If you leave it empty, Simply Static falls back towp-content. - WP-includes directory: a WordPress core folder. You could rename it to something like
coreon your static site. - Uploads directory: the
wp-content/uploadsfolder, which is one of the most common giveaways that a site runs WordPress. A popular replacement ismedia. - Plugins directory: the
wp-content/pluginsfolder, for exampleaddons. - Themes directory: the
wp-content/themesfolder, for exampletemplates.
The uploads, plugins, and themes fields are relative to wp-content , which is why that part of the path is fixed, and you only set the final folder name. These three also work independently of the WP-content rename above, so the wp-content/ prefix stays even if you renamed the WP-content directory itself.
- Theme Style Name: every WordPress theme has a
style.css, which is another WordPress tell. Rename it to something likeindex.css, and Simply Static updates the references in your HTML automatically. - Author URL: replace the slug WordPress uses for author archive URLs (
authorby default).
A common full configuration is content , core , media , addons , templates , and index.css , which together hide the WordPress origin of the static site.
Hide
Remove WordPress-specific tags and headers from your HTML output. Each toggle strips one fingerprint.

- Hide WordPress Version: removes the WordPress version from the HTML.
- Hide WordPress Generator Meta: removes the generator meta tag that references WordPress. This leaves SEO meta tags like title and description untouched.
- Hide DNS Prefetch WordPress link: removes WordPress's DNS-prefetch hint, which isn't much use on a static site.
- Hide RSD Header: removes the Really Simple Discovery header. RSD was an old protocol for comments and pingbacks, and today it's mostly a target for spam.
Disable
Where the Hide section strips things from the HTML output, the Disable section switches WordPress features off at the PHP level. These are features a static site simply doesn't need.
- Disable XML-RPC: the legacy remote API that predates the REST API and is no longer used in modern WordPress.
- Disable Embed Scripts: the scripts that auto-embed services like YouTube and Twitter/X. Check your pages for embeds before turning this on.
- Disable DB Debug in Frontend: stops database debug messages from ever appearing on the front end.
- Disable WLW Manifest Scripts: removes the Windows Live Writer manifest, which is no longer supported.
- Disable Emojis: removes WordPress's emoji support script.
As a rule of thumb, it's safe to enable all of the Disable options, with one exception: only turn on Disable Embed Scripts after you've confirmed you don't rely on embeds like YouTube.
Applying your settings
These replacements and removals happen during a push. Click Save Settings, then Push, and the changes are applied on the fly as your static site is built.