WordPress defaults to 10 posts per page. You can change this for all archives or a specific one. Add to your functions.php file. For more on adding pagination.
add_action( 'pre_get_posts', function( $query ) {
if ( ! is_admin() && $query->is_main_query() && $query->is_home() ) {
$query->set( 'posts_per_page', 12 );
}
} );Replace is_home() with is_archive() or is_post_type_archive('your_cpt') as needed.
WordPress displays “Thank you for creating with WordPress” at the bottom of the admin. You can remove or replace the text. Add to your functions.php file. For more on WordPress hooks.
add_filter( 'admin_footer_text', '__return_empty_string' );
add_filter( 'update_footer', '__return_empty_string', 11 );WordPress saves revisions of every post by default. Limiting the number saves database space. Add to your wp-config.php file (before “That’s all, stop editing!”). For more on improving performance.
define( 'WP_POST_REVISIONS', 3 );Set 0 to disable completely or a number (e.g. 3-5) to limit.
WordPress loads wp-block-library.css on every page, even when the site does not use blocks. If your theme does not use Gutenberg blocks, you can remove it. Add to your functions.php file. For more on CSS optimization.
add_action( 'wp_enqueue_scripts', function() {
wp_dequeue_style( 'wp-block-library' );
wp_dequeue_style( 'wp-block-library-theme' );
wp_dequeue_style( 'global-styles' );
}, 100 );Note: If the page has block content, the CSS may break.
WordPress adds REST API links (wp-json) to wp_head. If you do not need public API access, remove the links. Add to your functions.php file. For more on securing the REST API.
remove_action( 'wp_head', 'rest_output_link_wp_head' );
remove_action( 'wp_head', 'wp_oembed_add_discovery_links' );
remove_action( 'template_redirect', 'rest_output_link_header', 11 );WordPress automatically updates minor versions. If you prefer to control updates manually, add the code. For more on disabling automatic updates.
define( 'AUTOMATIC_UPDATER_DISABLED', true );
add_filter( 'auto_update_core', '__return_false' );
add_filter( 'auto_update_plugin', '__return_false' );
add_filter( 'auto_update_theme', '__return_false' );Add lines 2-4 to functions.php. Add line 1 to wp-config.php.
WordPress adds ?ver=X.X to CSS and JS files. Removing the version parameter can improve caching. Add to your functions.php file. For more tips on removing scripts and styles.
add_filter( 'script_loader_src', function( $src ) {
return remove_query_arg( 'ver', $src );
}, 15, 1 );
add_filter( 'style_loader_src', function( $src ) {
return remove_query_arg( 'ver', $src );
}, 15, 1 );WordPress adds logged-in to the body when a user is logged in, but only in the admin. The following code adds a class on the frontend too. Useful for custom styling or showing different content. For more on WordPress hooks and filters.
add_filter( 'body_class', function( $classes ) {
if ( is_user_logged_in() ) {
$classes[] = 'logged-in-user';
}
return $classes;
} );XML-RPC allows remote connections to your WordPress site (e.g. from the app or for Pingbacks). Most sites do not need it, and it can be exploited. To disable, add to your functions.php file. For more tips on securing your WordPress site.
add_filter( 'xmlrpc_enabled', '__return_false' );The WordPress REST API is public by default. If you do not need public access, restrict it to logged-in users. Add to your functions.php file. For more ways to secure the WordPress REST API.
add_filter( 'rest_authentication_errors', function( $result ) {
if ( ! is_user_logged_in() ) {
return new WP_Error( 'rest_not_logged_in', 'You must be logged in.', array( 'status' => 401 ) );
}
return $result;
} );