Sometimes you don’t want to broadcast to the world that your site is running on wordpress. Here are some steps to take to remove some of the “traces” of wordpress in your code.

Step 1: Update .htaccess

To mask the paths of your wp-content and theme directories in you will need to make some modifications to your .htaccess file. Place the following code at the top of your .htaccess at the root of your site.

 

# BEGIN REWRITES
<IfModule mod_rewrite.c>
RewriteEngine On
Options +FollowSymlinks
RewriteBase /
RewriteRule ^images/(.*)$ wp-content/themes/THEMNAME/images/$1 [PT]
RewriteRule ^css/(.*)$ wp-content/themes/THEMNAME/css/$1 [PT]
RewriteRule ^js/(.*)$ wp-content/themes/THEMNAME/js/$1 [PT]
RewriteRule ^uploads/(.*)$ wp-content/uploads/$1 [PT]
RewriteRule ^plugins/(.*)$ wp-content/plugins/$1 [PT]
</IfModule>
# END REWRITES

In your wp-config.php, add the following line to customize your plugin directory url.

 
define( 'WP_PLUGIN_URL', 'http://www.yoururlhere.com/plugins' );

Step 2: Modify functions.php

Get rid of pesky meta-data that wordpress leaves in your header with the following actions added to your theme’s functions.php.

 

  remove_action('wp_head', 'wp_generator');
  remove_action('wp_head', 'wlwmanifest_link');
  remove_action('wp_head', 'rsd_link');
  

Step 3: Remove html comments from plugins you use.

Some wordpress plugins leave behind html comments such as “powered by such-and-such”. It is generally assumed that you will leave in those comments as free advertising for the plugin author, but you are allowed to remove them if you like in almost every case.

Step 4: Modify wp-admin path

Add the following to your .htaccess file. Fully documented here

 
RewriteCond %{REQUEST_URI} wp-admin/
RewriteCond %{QUERY_STRING} !YOURSECRETWORDHERE
RewriteRule .*\.php [F,L]
RewriteCond %{QUERY_STRING} !YOURSECRETWORDHERE
RewriteRule ^ADMINFOLDER/(.*) wp-admin/$1?%{QUERY_STRING}&YOURSECRETWORDHERE [L]