Best WordPress Code Snippets for Performance & Security
Give your WordPress site a boost with these powerful code snippets that you can add to your functions.php file, or use with WPCode – The Best WordPress Code Snippets Plugin, Code Snippets for WordPress, or WPCode – Insert Headers and Footers + Custom Code.
1. Hiding the WordPress Admin Bar
The admin bar in WordPress appears at the top of the screen when you log in. Administrators appreciate it, but other roles may not need it. This following PHP hides the admin bar for all other roles but keeps it visible for administrators, giving a neater front-end look.
<?php
add_filter('show_admin_bar', '__return_false');
?>Alternative: Hide Admin Bar for Non-Administrators Only
<?php
add_filter('show_admin_bar', function() {
return current_user_can('administrator');
});
?>2. Remove WordPress Version Number
By default, the version number of WordPress is displayed in the source code on the page, making it easy for hackers to exploit known vulnerabilities. This script hides the version number for added security.
<?php
function altwp_remove_wp_version() {
return '';
}
add_filter('the_generator', 'altwp_remove_wp_version');
?>3. Custom Login Logo
Replace the default WordPress login logo with your own custom brand logo to make your login process more professional and branded. If you are using a child theme, the logo will be loaded from the child theme directory using get_stylesheet_directory_uri(). If you are using the parent theme, it will be loaded from the parent theme directory using get_template_directory_uri().
<?php
function altwp_login_logo() {
?>
<style type="text/css">
.login h1 a {
background-image: url('<?php echo get_stylesheet_directory_uri(); ?>/assets/images/altwp-logo-url.png') !important;
background-size: contain;
width: 100%;
height: 80px;
display: block;
}
</style>
<?php
}
add_action('login_head', 'altwp_login_logo');
?>4. Enable SVG Uploads
WordPress does not support SVG uploads by default due to security concerns. This snippet allows SVG uploads safely, so you can use scalable vector images.
<?php
function allow_svg_upload($mimes) {
$mimes['svg'] = 'image/svg+xml';
return $mimes;
}
add_filter('upload_mimes', 'allow_svg_upload');
?>5. Disable Gutenberg Editor
Many users prefer the Classic Editor over Gutenberg. This snippet disables the block editor, restoring the traditional editing experience.
<?php
add_filter('use_block_editor_for_post', '__return_false');
?>6. Change Excerpt Length
Control the length of post excerpts by setting a custom word count.
<?php
function custom_altwp_excerpt_length($length) {
return 20;
}
add_filter('excerpt_length', 'custom_altwp_excerpt_length');
?>7. Redirect Users After Login
Redirect users to a custom page (e.g., a dashboard) after they log in, providing a better user flow.
<?php
function redirect_after_login($redirect_to, $request, $user) {
return home_url('/dashboard');
}
add_filter('login_redirect', 'redirect_after_login', 10, 3);
?>8. Disable XML-RPC
XML-RPC is often targeted by hackers for brute-force attacks. This snippet disables it for security reasons.
<?php
add_filter('xmlrpc_enabled', '__return_false');
?>9. Custom Maintenance Mode
Enable maintenance mode, displaying a custom message for non-admin users.
<?php
function altwp_maintenance_mode() {
if (!current_user_can('edit_themes')) {
wp_die('Maintenance Mode: Please check it later.');
}
}
add_action('get_header', 'altwp_maintenance_mode');
?>10. Remove WordPress Emojis
Disable unnecessary emoji scripts to improve site performance.
<?php
remove_action('wp_head', 'print_emoji_detection_script', 7);
remove_action('wp_print_styles', 'print_emoji_styles');
?>20. Disable WordPress Heartbeat API
The Heartbeat API can increase server load. This snippet disables it to optimize performance.
<?php
function altwp_stop_heartbeat() {
wp_deregister_script('heartbeat');
}
add_action('init', 'altwp_stop_heartbeat', 1);
?>
Join the conversation