Several opinionated WordPress tweaks focused in security and performance.
- Produces clean filenames for uploads
- Change admin footer text
- Disable author page and author search by url
- Disable emoji mess
- Disable “meta widget”
- Disable WP REST API public access
- Disable “website” field from comment form
- Disable wp embed
- Disable xmlrpc.php
- Show admin bar for admin users only
- Hide WordPress update nag to all but admins
- Remove “WordPress logo” from admin bar
- Remove “+ New” button from admin bar
- Remove some dashboard widgets
- Remove <link rel=”shortlink” >
- Remove dashboard “welcome panel”
- Remove WordPress version number in <head>
- and more…
Note: is possible disable any feature.
Support this plugin on https://luizpb.com/donate/
- Install the plugin through the WordPress plugins screen directly.
- Activate the plugin through the “Plugins” screen in WordPress.
- Go to Settings > Tweaks to configure the plugin.
Contributors & Developers
“WP Tweaks” is open source software. The following people have contributed to this plugin.Contributors
1.9.2 – 2023-01-18
- Fix settings link.
1.9.1 – 2023-01-11
- Removed “Disallow your site in iframes” option. Utilize the “Security Headers” option instead.
1.9.0 – 2023-01-10
- Feature: Disable jQuery Migrate (enabled by default).
- Feature: Security Headers (disabled by default).
- Tweak: improve some options.
1.8.0 – 2022-12-11
- Security: Now is possible disallow to render your site in a
<object>outside of your site. Useful to avoid click-jacking attacks.
- Security: Now is possible disable the
/usersendpoint in the REST API, to prevent users enumeration.
1.7.1 – 2022-07-29
- Fix: Option ‘Remove Dashboard “welcome panel”‘ was not working.
- Misc: Improve colors on warning about debug constants.
1.7.0 – 2022-07-29
- Security: Now is possible display a generic error message when a user fails to login (instead of hints). This option is enabled by default.
- Misc: Now is possible change the menu “Posts” to “Blog”. This option is disabled by default.
- Security: The plugin now warns administrators that some WordPress constants (like WP_DEBUG) are enabled. This option is ALWAYS enabled.
- Tested with WordPress 6.0
1.6.0 – 2022-04-27
- Tested with WordPress 5.9
- Now is possible to remove ‘Comments’ from admin bar (default: Off)
- Now the option “Remove oEmbed support” is Off by default
- Improved and fixed portuguese translation
- Small enchantments
1.5.1 – 2021-03-26
- Fix disallow file edit setting
- Now is possible to disable author query and author pages separately
1.5.0 – 2020-04-19
- New Feature: Disallow file edit
1.4.0 – 2020-04-18
- New Feature: remove “Howdy” from admin bar
1.3.2 – 2020-04-18
- Fixed: Can not disable some options
1.3.1 – 2020-04-18
- Fix PHP Warning
1.3.0 – 2020-04-18
- Removed “jQuery CDN” option
1.2.0 – 2018-10-16
- New Feature: hide WordPress version in admin footer
- Tweak: jQuery default version now is 2.2.4
- Tweak: added description to informs the jQuery stable versions
- Tweak: informs that jQuery Migrate also is disabled when using jQuery from CDN
- Fix typos
1.1.0 – 2018-07-18
- New Feature: dashboard page with only one column
- Fix some typos
1.0.0 – 2018-05-23
- Initial release.