Remove the DNS prefetch tags that WordPress adds to your page source, pointing directly to wordpress.org and w.org. These are link tags that WordPress injects into every page’s <head> section to speed up connections to WordPress.org servers. They serve no purpose for most sites, but they do one thing very effectively: tell every scanner that your site runs WordPress. One toggle removes them.
What Are DNS Prefetch META Tags?
DNS prefetch is a browser optimization technique. When a page includes a <link rel="dns-prefetch"> tag, the browser resolves the domain name in the background before the user clicks any links – making subsequent connections to that domain faster.
WordPress automatically adds these DNS prefetch tags to your HTML <head> section:
<link rel="dns-prefetch" href="https://w.org">
<link rel="dns-prefetch" href="https://wordpress.org">These tell the browser to pre-resolve the wordpress.org and w.org domains. The original purpose was to speed up emoji loading (WordPress loads emoji scripts from s.w.org) and plugin/theme update checks. But for most production sites, these DNS lookups are unnecessary – and the tags themselves are a clear WordPress fingerprint.
Why You Should Hide DNS Prefetch Tags
DNS prefetch tags are a small but telling detail. Here’s why removing them matters for your hack prevention strategy:
They contain “wordpress.org” in plain text. A <link> tag pointing to wordpress.org or w.org is an unmistakable CMS identifier. Even if you’ve removed the generator meta tag, hidden all paths, and stripped all version numbers – these two tags still say “WordPress” in the page source. Scanners and theme detectors check for them.
They trigger unnecessary DNS lookups. Each prefetch tag causes the browser to resolve a domain in the background. If your site doesn’t use WordPress.org resources on the frontend (most don’t), these are wasted requests. They add a tiny bit of latency to every page load for zero benefit.
They signal your update infrastructure. The w.org domain is used for WordPress emoji scripts and update checks. Its presence in your source code tells anyone that your site connects to WordPress.org infrastructure – which only WordPress sites do.
How to Hide DNS Prefetch META Tags
- Go to WP Ghost > Tweaks > Hide Options.
- Click Save to apply.
After saving, open your site in a private browser window and view the page source. Search for w.org or wordpress.org – neither should appear in any <link> tag. Two more WordPress fingerprints gone.
Frequently Asked Questions
Will removing DNS prefetch tags slow down my site?
No. DNS prefetch for wordpress.org and w.org only benefits pages that load resources from those domains (like WordPress emoji scripts). If you’ve disabled wp-emoji (which most performance-optimized sites have), these prefetch tags serve no purpose at all. Removing them can actually save two unnecessary DNS lookups per page load.
Does this affect WordPress emoji loading?
The DNS prefetch tags pre-resolve the domain used for WordPress emoji scripts. If you still use WordPress emojis, removing the prefetch tag means the browser resolves the domain on demand instead of in advance – a difference of milliseconds. If you’ve already disabled wp-emoji (common for performance), there’s no impact at all.
Does this remove all DNS prefetch tags or just WordPress ones?
Only the WordPress-specific ones pointing to wordpress.org and w.org. DNS prefetch tags for other domains (like your CDN, Google Fonts, or analytics services) are untouched. WP Ghost only removes the tags that identify WordPress.
Does this affect SEO?
No. DNS prefetch tags don’t affect search engine indexing or ranking. They’re a browser-level performance hint. Removing them changes nothing for Google, sitemaps, or content visibility.
Does WP Ghost modify WordPress core files?
No. WP Ghost removes the DNS prefetch tags from the HTML output at runtime through WordPress filters. No files are modified. Disabling the feature restores the tags instantly.
Related Tutorials
Remove all WordPress identity signals from your page source:
- Hide the WordPress Version – Strip version parameters from CSS and JS files.
- Hide Source Map References – Remove debugging metadata that reveals file names.
- Hide from WordPress Theme Detectors – Remove all CMS detection signals.