Remove the WordPress emoji script library that loads on every page, slowing your site and revealing WordPress to scanners. WordPress includes a JavaScript library called Twemoji on every single page – even if you’ve never used an emoji. This script loads from s.w.org (a WordPress.org subdomain), adds inline CSS and JavaScript to your HTML, and creates a clear WordPress fingerprint. Most sites don’t need it. Modern browsers and operating systems render emojis natively. Disabling it improves both performance and security.
What Are WordPress Emoji Scripts?
WordPress includes Twemoji, a JavaScript library that converts text-based emoji characters into image-based icons. It was added in WordPress 4.2 to ensure consistent emoji rendering across older browsers and devices that didn’t support native emojis.
When Twemoji is active, WordPress adds several things to every page on your site: an inline JavaScript block that detects and replaces emoji characters, a reference to the Twemoji script hosted at s.w.org, and inline CSS styles for emoji rendering. Together, these add approximately 15–20 KB of JavaScript and CSS to every page load – before the browser even starts rendering your actual content.
The key problem: the script loads from s.w.org, which is a WordPress.org subdomain. Any scanner or theme detector that sees a connection to s.w.org immediately identifies your site as WordPress. You can hide every path, strip every version number, and remove every meta tag – but if the emoji script is still loading from s.w.org, your CMS is revealed.
Why You Should Disable WordPress Emojis
This is one of the rare features where security and performance improvements go hand in hand. Here’s why disabling emojis matters for your hack prevention strategy:
The s.w.org connection is a WordPress-exclusive fingerprint. No other CMS loads scripts from s.w.org. It’s the most unique WordPress identifier you can have in your page source – more distinctive than the generator tag, version parameters, or even default path structures. Removing the emoji script eliminates this connection entirely.
It adds unnecessary page weight. The Twemoji inline script, external script reference, and inline CSS styles add roughly 15–20 KB of render-blocking content to every page. On a site with 50 pages, that’s almost 1 MB of content served to visitors for a feature most sites never use. Performance tools like Google PageSpeed Insights flag this as render-blocking JavaScript.
Modern browsers don’t need it. In 2015 when Twemoji was added, many browsers couldn’t render emojis natively. Today, every modern browser and operating system (Chrome, Firefox, Safari, Edge, iOS, Android) handles emojis natively. The Twemoji library is a solution for a problem that no longer exists on current devices.
It creates an external DNS lookup. Loading the script from s.w.org requires the browser to perform a DNS lookup for that domain, establish a connection, and download the resource. That’s network overhead on every page load for a script you likely don’t need. This is also why WordPress adds the DNS prefetch tags for w.org – to speed up this unnecessary connection.
How to Hide WordPress Emoji Icons
- Go to WP Ghost > Tweaks > Hide Options.
- Switch on Hide Emojicons.
- Click Save to apply.
After saving, open your site in a private browser window and view the page source. Search for s.w.org or twemoji – neither should appear. The inline emoji JavaScript, the external script reference, and the emoji CSS are all removed.
Frequently Asked Questions
Will emojis still work on my site?
Yes – on modern browsers. When you disable WordPress’s Twemoji script, the browser uses its own native emoji rendering instead. Every current browser (Chrome, Firefox, Safari, Edge) and operating system (Windows, macOS, iOS, Android) renders emojis natively. The only scenario where emojis might not display correctly is on very old browsers (pre-2015 era) that lack native emoji support. For the vast majority of visitors, emojis continue working exactly as before.
How much performance improvement will I see?
Removing the emoji script eliminates approximately 15–20 KB of render-blocking JavaScript and CSS from every page, plus one external DNS lookup and HTTP request to s.w.org. The impact is noticeable in performance audits like Google PageSpeed Insights. For sites with many pages, the cumulative bandwidth savings are significant.
Should I also disable DNS prefetch if I disable emojis?
Yes. The DNS prefetch tags for w.org and wordpress.org exist primarily to speed up the emoji script connection. If you disable emojis, the prefetch tags are unnecessary – they only pre-resolve a domain your site no longer connects to. Disable both for a clean result.
Does this affect SEO?
No. Search engines don’t index emojis differently based on whether they’re rendered by Twemoji or native browser support. If anything, removing render-blocking scripts can slightly improve your Core Web Vitals scores, which is a positive ranking signal.
Does WP Ghost modify WordPress core files?
No. WP Ghost prevents the emoji scripts from loading by deregistering them through WordPress hooks at runtime. No files are modified. Disabling the feature restores the emoji library on the next page load.
Related Tutorials
Remove all WordPress identity signals and improve performance:
- Hide the WordPress Version – Strip version parameters from CSS and JS files.
- Hide HTML Comments – Remove plugin and theme identifiers from HTML comments.
- Hide from WordPress Theme Detectors – The complete guide to defeating CMS scanning tools.