php Wordpress 4.7.x头部清理脚本
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了php Wordpress 4.7.x头部清理脚本相关的知识,希望对你有一定的参考价值。
# Deny/Block xmlrpc.php requests
<files xmlrpc.php>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</files>
# Deny/Block wlwmanifest.xml requests
<files wlwmanifest.xml>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</files>
<?php
/**
* Created by jamiesonroberts
* Date: 2017-04-08
*/
/**
* Removes security vulnerabilities, extraneous styles and scripts,
* as well as related resource inclusions for Wordpress 4.7.x
*
* All actions have been broken up into their related groupings with comments
* as to what each grouping affects and any specific notes.
*/
function removeHeadLinks()
{
/**
* Disables all RSS based feed links from being output.
* See line 70 for function to completely disable feeds from being accessible.
*/
remove_action('wp_head', 'feed_links_extra', 3);
remove_action('wp_head', 'feed_links', 2);
/**
* Disables RSD and WLM endpoint exposure.
* See attached .htaccess to restrict access to these files
*/
remove_action('wp_head', 'rsd_link');
remove_action('wp_head', 'wlwmanifest_link');
/**
* Disables adjacent posts links.
*/
remove_action('wp_head', 'adjacent_posts_rel_link', 10, 0);
/**
* Removes security issue of broadcasting the Wordpress version installed.
*/
remove_action('wp_head', 'wp_generator');
/**
* Removes REST API and oEmbed link references. Does not stop you from using the RESTful API,
* just removes the broadcasting of it.
*/
remove_action('wp_head', 'rest_output_link_wp_head');
remove_action('wp_head', 'wp_oembed_add_discovery_links');
/**
* Removes pre-fetching header for external sources such as the Emoji CDN.
*/
remove_action('wp_head', 'wp_resource_hints', 2);
/**
* Removes all styles and scripts related to inline Emoji detection and conversion.
*/
remove_action('wp_head', 'print_emoji_detection_script', 7);
remove_action('wp_print_styles', 'print_emoji_styles');
remove_action('admin_print_scripts', 'print_emoji_detection_script');
remove_action('admin_print_styles', 'print_emoji_styles');
}
add_action('init', 'removeHeadLinks');
/**
* Ensures that if the feeds are hidden, they are no longer accessible.
* Code for redirect is courtesy of https://github.com/solarissmoke
* Only thing that has been done to it is conversion from a php class and cleaning up
* the look of the code.
*/
function feedTemplateRedirect()
{
/**
* Only proceed if current query is for a feed.
*/
if (!is_feed()) {
return;
}
if (isset($_GET['feed'])) {
wp_redirect(esc_url_raw(remove_query_arg('feed')), 301);
exit;
}
if (get_query_var('feed') !== 'old') {
set_query_var('feed', '');
}
redirect_canonical();
/**
* Still here? redirect_canonical failed to redirect, probably because of a filter. Try the hard way.
*/
global $wp_rewrite;
$structure = (!is_singular() && is_comment_feed()) ?
$wp_rewrite->get_comment_feed_permastruct() : $wp_rewrite->get_feed_permastruct();
$structure = preg_quote($structure, '#');
$structure = str_replace('%feed%', '(\w+)?', $structure);
$structure = preg_replace('#/+#', '/', $structure);
$requested_url = (is_ssl() ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$new_url = preg_replace('#' . $structure . '/?$#', '', $requested_url);
if ($new_url != $requested_url) {
wp_redirect($new_url, 301);
exit;
}
}
add_action('template_redirect', 'feedTemplateRedirect', 1);
/**
* If Yoast SEO is installed, remove html comments that expose version information.
* Remove function is courtesy of https://github.com/trajche
*/
if (defined('WPSEO_VERSION')) {
add_action('get_header', function () {
ob_start('remove_yoast');
});
add_action('wp_head', function () {
ob_end_flush();
}, 999);
}
function remove_yoast($output)
{
$targets = array(
'<!-- This site is optimized with the Yoast WordPress SEO plugin v' . WPSEO_VERSION . ' - https://yoast.com/wordpress/plugins/seo/ -->',
'<!-- / Yoast WordPress SEO plugin. -->',
'<!-- This site uses the Google Analytics by Yoast plugin v' . GAWP_VERSION . ' - https://yoast.com/wordpress/plugins/google-analytics/ -->',
'<!-- / Google Analytics by Yoast -->'
);
$output = str_ireplace($targets, '', $output);
$output = trim($output);
$output = preg_replace('/\n?<.*?yoast.*?>/mi', '', $output);
return $output;
}
以上是关于php Wordpress 4.7.x头部清理脚本的主要内容,如果未能解决你的问题,请参考以下文章