What’s rel=”noopener” in WordPress & How to Remove It
If you have upgraded to WordPress 4.7.4 version or newer, then you must have noticed a new tag rel="noopener"
alongside the target="_blank"
tag in the HTML editor. The tag is automatically added to all internal and external links when you make them open in a new tab.
Like any other concerned web developer, you must be wondering what this tag does and whether it affects your websites negatively in any way?
Well, in this post I’ll tell you what is rel="noopener"
in WordPress and how can you remove it if needed.
What is rel=”noopener”?
As intrusive as it may sound, it is actually a security fix to prevent malicious links from taking control over an opened tab. Usually, window.opener Javascript object can be used to control a parent window (your current tab) using a child window (the newly opened tab).
Hackers can use this feature to switch user’s currently opened website with a fake one and steal information, such as login details. Here is an example website showing how window.opener can hijack your tab.
To prevent this, rel="noopener"
is the tag that blocks the use of the window.opener Javascript object. If window.opener will not work, then a tab can’t control another tab.
This security fix was added in TinyMCE plugin on 23rd November 2016. As WordPress uses TinyMCE as its text editor, it also got updated with this feature in WordPress version 4.7.4.
Is it bad for your website?
In short, no.
Many WordPress users are concerned that rel="noopener"
may be making all internal and external links "nofollow", which is really bad for SEO. In actual, rel="noopener"
is just an instruction for the user’s browser to stop the use of the window.opener Javascript object.
The website SEO is affected by search engines and they don’t interact with rel="noopener"
tag. Same goes for analytics software that completely ignores this tag.
This might have been a bit of a problem when WordPress first added rel="noopener noreferrer"
tag before the fix was released with WordPress version 4.7.4. In the former version, "noreferrer" prevented the link from knowing where it actually came from.
Although it didn’t affect SEO, some of the analytics tools and affiliate programs were affected. However, it seems WordPress has now removed the "noreferrer" tag and you should have no problem with rel="noopener"
tag. Just make sure you update to the latest version of WordPress.
How to remove rel=”noopener”
I don’t see any good reason to remove rel="noopener"
from your posts. It doesn’t affect SEO, no impact on analytics tools, and affiliate links also won’t break. It merely protects your users from potential malicious links that could hijack their tabs.
As it only stops the use of the window.opener Javascript object, I believe you will only want to remove it when you want to take advantage of the window.opener feature for any purpose.
Removing rel="noopener"
can be a bit difficult as it is integrated into the WordPress text editor. Even if you manually remove it from the HTML code, it will be added back again when you will save the document. So your best bet is to disable this feature from the TinyMCE plugin itself.
To do this you will have to add some lines of code in the functions.php file of your WordPress theme.
In the functions.php file, copy and paste the below-mentioned code and save it:
// Note that this intentionally disables a tinyMCE security feature. // Use of this code is NOT recommended.add_filter('tiny_mce_before_init','tinymce_allow_unsafe_link_target'); function tinymce_allow_unsafe_link_target( $mceInit ) { $mceInit['allow_unsafe_link_target']=true; return $mceInit; }
This will stop WordPress from automatically adding rel="noopener"
tag in your posts. However, this will not remove already added tags, so you will have to manually remove them from posts saved after WordPress 4.7.4 update.
To conlclude
There is no need to be afraid of the rel="noopener"
tag as it is a step forward in to the security of your website visitors. Unless you want to use the window.opener feature, you should embrace this new edition of security feature.
If there is any other reason why you are looking to remove rel="noopener"
tag, then do enlighten us in the comments below.