I want to consider removing the next <link> files from the <head> section of my website:
...wp-json
...xmlrpc.php?rsd
...wlwmanifest.xml
But I don't really know how would this may affect my wordpress site - I don't use any plugins at all - and how to actually remove them efficiently, because while googling, I notice there's some "headers"(I think HTTP-Headers) that remain after removing the xmlrpc.php?rds, for example. But perhaps it may affect in some other way too. I can't tell.
I also found the following lines of code, to remove the wlwmanifest and wp-json:
remove_action('wp_head', 'wlwmanifest_link');
remove_action( 'wp_head', 'rest_output_link_wp_head');
remove_action( 'wp_head', 'wp_oembed_add_discovery_links');
remove_action( 'template_redirect', 'rest_output_link_header', 11, 0 );
It does remove the files wlwmanifest and wp-json, but the xml is remained and as I know now, it's dangerous from the sense of the hacker-attacks. Also, I don't really know if I should use this code above or should something else instead.
Hopefully you could help me with this, thanks
I want to consider removing the next <link> files from the <head> section of my website:
...wp-json
...xmlrpc.php?rsd
...wlwmanifest.xml
But I don't really know how would this may affect my wordpress site - I don't use any plugins at all - and how to actually remove them efficiently, because while googling, I notice there's some "headers"(I think HTTP-Headers) that remain after removing the xmlrpc.php?rds, for example. But perhaps it may affect in some other way too. I can't tell.
I also found the following lines of code, to remove the wlwmanifest and wp-json:
remove_action('wp_head', 'wlwmanifest_link');
remove_action( 'wp_head', 'rest_output_link_wp_head');
remove_action( 'wp_head', 'wp_oembed_add_discovery_links');
remove_action( 'template_redirect', 'rest_output_link_header', 11, 0 );
It does remove the files wlwmanifest and wp-json, but the xml is remained and as I know now, it's dangerous from the sense of the hacker-attacks. Also, I don't really know if I should use this code above or should something else instead.
Hopefully you could help me with this, thanks
If you don't use any 3rd services such as XMLRPC | REST API | oEmbed | Windows Live Writer, removing those lines/headers doesn't affect anything to your site.
Those lines of code is the best way to archive what you want. To remove xmlrpc.php?rds, you need another line:
remove_action('wp_head', 'rsd_link');
Put all of them in your functions.php or some where so that they are called before the wp_head action is fired.
To answer @uhrr 's comment, you may have to add in the .htaccess file :
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>