WP Declutter
Remove unnecessary WordPress features
WP Declutter strips out the WordPress features you don't need—comments, emojis, XML-RPC, dashboard widgets, and dozens of other things that slow down your site or clutter your admin. Toggle things on and off with a clean interface.
Getting Started
What you need:
- WordPress 5.8 or newer
- PHP 7.4 or newer
- Admin access to your site
To install:
- Download the plugin from your CraftedPath account
- In WordPress, go to Plugins → Add New → Upload Plugin
- Upload the zip file and click Activate
- Go to CraftedPath → WP Declutter to configure
The plugin comes with sensible defaults—most cleanup options are already enabled. Review the settings and adjust to your needs.
Comments & Discussion
Disable Comments Removes the entire comment system from WordPress:
- Closes comments on all posts
- Hides existing comments
- Removes Comments menu from admin
- Removes comment icon from admin bar
- Removes comment-related dashboard widgets
Use this if your site doesn't need comments at all. If you just want to disable comments on new posts, use WordPress's built-in Discussion settings instead.
Disable Trackbacks/Pingbacks Removes pingback and trackback functionality. These are legacy features that notify other sites when you link to them—rarely used today and often exploited for spam.
Security & Privacy
Disable XML-RPC Blocks all XML-RPC requests. XML-RPC is an old API that's rarely needed but is a common target for brute-force attacks. If you use the WordPress mobile app or Jetpack, you may need to leave this enabled.
Hide WordPress Version Removes the WordPress version number from:
- HTML source code
- RSS feeds
- Script and style URLs
Hiding your version makes it slightly harder for attackers to know which vulnerabilities might apply to your site.
Disable File Editor Removes the built-in theme and plugin file editor from the admin. This is a security best practice—if someone gains admin access, they can't immediately inject malicious code into your theme files.
Disable Application Passwords Removes the Application Passwords feature from user profiles. Application passwords allow third-party apps to authenticate without your main password. If you don't use any apps that need this, disable it.
Obfuscate Login Errors Shows a generic "Invalid login credentials" message instead of telling attackers whether the username or password was wrong. Makes brute-force attacks harder.
Restrict REST API Requires authentication for all REST API requests. The REST API exposes information like usernames by default. Enable this for better privacy, but note that some plugins and themes rely on public REST API access.
Head Cleanup
These options remove unnecessary tags from your site's <head> section, reducing page size and hiding information about your WordPress setup.
Remove RSD Link Removes the Really Simple Discovery link. Only needed if you use XML-RPC clients.
Remove WLW Manifest Removes the Windows Live Writer manifest link. Windows Live Writer was discontinued years ago.
Remove Shortlink Removes the ?p=123 style shortlink. Your pretty permalinks are better anyway.
Remove REST API Link Removes the REST API discovery link from the head. The API still works, but browsers won't auto-discover it.
Remove oEmbed Links Removes oEmbed discovery links. These allow other sites to embed your content—remove if you don't want that.
Remove Generator Tag Removes the WordPress version meta tag. Same effect as "Hide WordPress Version" but specifically for the generator tag.
Remove Duotone SVGs Removes inline SVG filters that the block editor adds for duotone image effects. Saves a few KB if you're not using duotone.
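To confirm from the outside that "Hide WordPress Version" and the Head Cleanup options took effect, you can audit a page's HTML for the tags they are meant to remove. The script below is an added example, not part of WP Declutter; the sample markup, the example.test host and the version value are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# <link rel=...> values emitted by a default WordPress install
LINK_RELS = {"edituri": "RSD link", "wlwmanifest": "WLW manifest",
             "shortlink": "shortlink", "https://api.w.org/": "REST API link"}
OEMBED_TYPES = {"application/json+oembed", "text/xml+oembed"}

class HeadAudit(HTMLParser):
    """Collect discovery tags and version hints still present in a page."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.findings.append(("generator tag", a.get("content", "")))
        if tag == "link":
            for rel in a.get("rel", "").lower().split():
                if rel in LINK_RELS:
                    self.findings.append((LINK_RELS[rel], a.get("href", "")))
            if a.get("type", "").lower() in OEMBED_TYPES:
                self.findings.append(("oEmbed link", a.get("href", "")))
        # Script/style URLs: ?ver= may hold the core, plugin or theme version
        url = a.get("src" if tag == "script" else "href", "") if tag in ("script", "link") else ""
        ver = parse_qs(urlparse(url).query).get("ver")
        if ver:
            self.findings.append(("versioned asset URL", ver[0]))

def audit(html):
    """Return a list of (finding, value) pairs for one HTML document."""
    parser = HeadAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample: head of a default install (example.test is a placeholder)
DEFAULT_HEAD = """<head>
<meta name="generator" content="WordPress 6.0" />
<link rel="EditURI" type="application/rsd+xml" href="https://example.test/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://example.test/wp-includes/wlwmanifest.xml" />
<link rel="shortlink" href="https://example.test/?p=123" />
<link rel="https://api.w.org/" href="https://example.test/wp-json/" />
<link rel="alternate" type="application/json+oembed" href="https://example.test/wp-json/oembed/1.0/embed?url=x" />
<link rel="stylesheet" href="https://example.test/wp-includes/css/style.css?ver=6.0" />
<script src="https://example.test/wp-includes/js/app.js?ver=6.0"></script>
</head>"""
# Constructed sample: the same head after cleanup
CLEAN_HEAD = """<head>
<link rel="stylesheet" href="https://example.test/wp-includes/css/style.css" />
<script src="https://example.test/wp-includes/js/app.js"></script>
</head>"""
```

Run `audit()` on the saved HTML of your own front page before and after enabling the options; an empty list means none of these tags or version parameters remain.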
Performance
Disable Emojis Removes WordPress's emoji scripts and styles. Modern browsers handle emojis natively—you don't need WordPress's polyfill. Saves about 10KB per page.
Disable Gutenberg Switches back to the Classic Editor for all posts. Also removes Gutenberg's frontend CSS. Use this if you prefer the classic editing experience or need to reduce frontend bloat.
Disable oEmbed Disables automatic embedding of content from YouTube, Twitter, etc. You can still manually embed with iframe code, but pasting a URL won't auto-convert to an embed.
Limit Heartbeat API Reduces Heartbeat API frequency from every 15 seconds to every 60 seconds. The Heartbeat API handles auto-save and login session checks—slowing it down reduces server load, especially with multiple users.
Disable Self-Pingbacks Prevents WordPress from sending pingbacks to itself when you link to your own content. Eliminates unnecessary database writes and notifications.
Admin Cleanup
Remove Dashboard Widgets Removes default dashboard widgets:
- WordPress News
- Quick Draft
- At a Glance
- Activity
- Site Health
- Welcome panel
Creates a cleaner dashboard. You can still access this information elsewhere in the admin.
Remove Admin Footer Removes the "Thank you for creating with WordPress" text and version number from the admin footer.
Remove "Howdy" Changes "Howdy, Username" in the admin bar to just "Username". Small thing, but cleaner.
Hide Update Nags Hides update notices for non-administrator users. Admins still see updates, but editors and authors won't be bothered.
Remove Help Tab Removes the contextual Help tab from admin screens. Most users never click it anyway.
Remove Screen Options Removes the Screen Options tab from admin screens. Use with caution—Screen Options lets users customize their admin view.
Media & SEO
Disable Attachment Pages Redirects attachment pages (the pages WordPress creates for each uploaded file) to either:
- The parent post (if the attachment is attached to a post)
- The homepage (if no parent)
Attachment pages are thin content that can hurt SEO. This 301 redirects them away.
Disable RSS Feeds Disables all RSS, Atom, and RDF feeds. Returns a 404 instead of feed content. Also removes feed links from the head.
Only disable if you're sure no one subscribes to your feed and you don't syndicate content anywhere.
Recommended Settings
The plugin comes with these defaults:
| Feature | Default | Why |
|---|---|---|
| Disable Comments | ON | Most sites don't use comments |
| Disable XML-RPC | ON | Security risk if unused |
| Hide WP Version | ON | Basic security hygiene |
| Disable File Editor | ON | Security best practice |
| Disable Emojis | ON | Unnecessary bloat |
| Head cleanup (all) | ON | Clean, lean pages |
| Dashboard widgets | ON | Cleaner admin |
| Disable Gutenberg | OFF | Most sites use it |
| Restrict REST API | OFF | Can break plugins |
| Disable Feeds | OFF | Some sites need RSS |
Review each option based on your specific needs. When in doubt, leave defaults.
Troubleshooting
"A plugin stopped working after enabling Restrict REST API" Many plugins use the REST API. Disable "Restrict REST API" and the plugin should work again. Common culprits: contact forms, page builders, and caching plugins.
"I can't edit theme files anymore" That's the "Disable File Editor" option working. If you need to edit files, do it via FTP/SFTP or disable that option temporarily.
"Embeds aren't working" If you disabled oEmbed, pasting YouTube/Twitter URLs won't auto-convert. Either re-enable oEmbed or use manual embed codes.
"My dashboard is empty" The "Remove Dashboard Widgets" option removes the default widgets. Third-party plugin widgets may still appear. Your content is fine—just the dashboard view changed.
"Mobile app can't connect" The WordPress mobile app uses XML-RPC. If you disabled XML-RPC, the app won't work. Either re-enable XML-RPC or use the web admin on mobile.
Technical Details
Settings stored in: wp_options table, key cpwd_settings
When do changes take effect? Most changes take effect immediately on save. A few (like Disable File Editor) are set via PHP constants and apply on the next page load.
Does this modify the database? No. WP Declutter only adds filters and actions to change WordPress behavior. Your content and database structure are untouched.
Will disabling features break my site? The defaults are safe for most sites. Features marked as potentially breaking (like Restrict REST API) are disabled by default.
To uninstall completely:
- Deactivate and delete the plugin
- All WordPress features return to normal automatically
- To remove settings: delete the cpwd_settings option from wp_options