Disabling select features in WordPress

One of the new features arriving in WordPress 4.4 will be the ability to embed posts from a self-hosted WordPress blog  into oEmbed consumers such as another WordPress blog. Like this.

Feature Plugin Merge Proposal: oEmbed

Neat huh? I like it, though I haven’t been able to do the same with my own posts yet. This feature will be on by default in 4.4 though it could be disabled via a plugin.

What if you want to disable all the new features?

When a new feature is rolled out, it is enabled by default. That makes sense as no one adopts a feature that is disabled. But new features are not for everyone and you can control that via a plugin.

Why a plugin? Because it’s supportable. It doesn’t need to be a plugin, it could be a simple line of code in your child theme’s functions.php file.

Going in no particular order:

Disable oEmbed provider

This only applies to WordPress 4.4 (not released yet) but install and activate Pascal Birchler’s Disbable oEmbeds plugin. That will eliminate the capability for your site to be an oEmbed provider.

Disable XML-RPC

You could use a plugin but it’s one line of code. Edit your child theme’s functions.php file and add this one line.

add_filter( 'xmlrpc_enabled', '__return_false' );

Done.

Disable emoji support

Install and activate Otto’s Classic Smilies plugin. Otto doesn’t appreciate emojis either and as an added benefit you get back the classic smilies from previous WordPress versions.

Disable Ping-o-matic and other notifications

Install and activate Scott Reilly’s Silent Publish plugin.

From the plugin page:

This plugin gives you the ability to publish a post without triggering pingbacks, trackbacks, or notifying update services.

To make this the default behavior (Silent Publish is off by default) add this one line to your child theme’s functions.php file.

add_filter( 'c2c_silent_publish_default', '__return_true' );

Now when you go to the post editor page, you will see the “Silent publish?” checked on by default.

Disable Google fonts

Some people do not like anything related to Google and that’s fine. While I personally think this makes my WordPress site look awkward, here’s a plugin that does that.

Install and activate Remove Google Fonts References plugin.

Limit login attempts

I use Jetpack for a lot of things and Brute Protect prevents known attack IPs from reaching your site. If you want to limit your login attempts without using that plugin then try this one from BestWebSoft.

I selected that plugin because it’s actively supported by the author and has many options.

Disable Gravatars

Update: I forgot about Gravatars. 😉

There are a couple of ways to do that and the absolute simplest way is use the admin >> Settings >> Discussion and scroll down to the Avatars and uncheck that box. WP beginner has a post with a video on how to do that.

Use the Disabler plugin

Some more settings (including XML-RPC) can be toggled with the Disabler plugin. You can disable the following with a check box.

  • Disable Texturization
  • Disable auto-correction of WordPress capitalization
  • Disable paragraphs (i.e. <p> tags) from being automatically inserted in your posts.
  • Disable self pings (i.e. trackbacks/pings from your own domain).
  • Disable all RSS feeds.
  • Disable XML-RPC.
  • Disable auto-saving of posts.
  • Disable post revisions.
  • Disable WordPress from printing it’s version in your headers (only seen via View Source).
  • Disable WordPress from sending your URL information when checking for updates.

I use this plugin to disable self-pings.

Plugins are not that difficult to maintain

One of the common complaints about WordPress is “Why can’t there be a check box in the admin GUI to disable these features?” A quick count above shows that would be 16 boxes to work with.

Aaron Jorbin had a good reply on the make/core blog but it may not be clear to everyone: giving users too many options makes their site more difficult to support.

Ideally, there would be one plugin for all of this (hint to Mika and the other Disabler authors) but for anyone rolling out WordPress installations, these disabled settings can hard coded into a custom plugin.

Why do it that way? Just like disabling the XML-RPC feature, it’s often just a few lines of code. A custom plugin can accomplish what you want while limiting options in the administration backend.