We once had a client whose website visitors were redirected to suspicious sites after clicking on external links. The issue stemmed from a small piece of missing code that created a significant security vulnerability.
It’s a concerning reality, but this vulnerability can impact any WordPress site. Technical terms like rel="noopener" can be confusing, leaving you anxious about whether your website is genuinely safe for your visitors.
At CanadaCreate, we’ve secured thousands of websites and discovered that these minor details can make a substantial difference. We will explain what rel="noopener" means in straightforward terms and why it is crucial.
Let’s explore how this small attribute safeguards you and your users.
What Is rel=”noopener” in WordPress?
When you add links to your WordPress site, you can utilize HTML attributes to dictate what occurs when the link is clicked.
For instance, when you create a link, there is an option to open it in a new tab.
The HTML code generated by WordPress for this link appears as follows:
You may notice that certain HTML attributes have been added to the link: rel="noopener" and rel="noreferrer". These attributes are implemented to mitigate a security vulnerability.
When you use target="_blank" to open a link in a new tab, a potentially unexpected behavior occurs by default. The new tab actually establishes a connection back to the original tab you were just viewing.
This connection is facilitated by a feature in web browsers known as window.opener. The page in the new tab can access and even manipulate certain properties of the original tab, such as altering the page’s URL (window.opener.location).
This creates a security risk.
Consider a scenario where you click a link on a trusted website, which opens a malicious page in a new tab. Due to the window.opener connection, that malicious page could potentially alter the original trusted page you were just viewing into a deceptive login page (a phishing scam), deceiving you when you return to the original tab.
The noopener link attribute is specifically designed to eliminate this security risk.
When you include rel="noopener" in a link that opens in a new tab, you instruct the browser not to establish a window.opener connection between the two tabs. This enhances user safety against scams and phishing attacks.
How Does rel=”noopener” Impact Your WordPress SEO?
It does not.
Although the rel="noopener" attribute enhances the security of your WordPress site, some users hesitate to use it due to misconceptions about its effect on SEO.
This is simply a myth.
It does not affect your site’s SEO rankings or overall WordPress performance.
What’s the Difference Between “noopener” and “nofollow”?
It’s common to confuse rel="noopener" with rel="nofollow". However, these are distinct attributes.
The noopener attribute protects your website from cross-site hacking and bolsters WordPress security.
Conversely, the nofollow attribute prevents your website from transferring SEO link equity to the linked site.
Search engines recognize and take into account the nofollowattribute when clicking on a link on your website. However, they often overlook the importance of thenoopenertag.
Thenofollowattribute instructs search engines not to transfer any SEO authority to the linked website. While the WordPress block editor includes a built-in option to addnofollowto a link, a plugin is typically required for more advanced management.
For instance, you may want to automatically apply thenofollowtag to all external links on your site, making an SEO plugin crucial.
To find out more, check out our article on how to add title and nofollow attributes to links in WordPress.
Does rel=’noreferrer’ Impact Affiliate Links in WordPress?
Therel="noreferrer"attribute does not impact affiliate links in WordPress. Some users mistakenly think it does becauserel="noreferrer"stops the referrer information from being sent to the new tab.
However, most affiliate programs provide a unique URL that includes your affiliate ID. This ensures that your affiliate ID is transmitted as a URL parameter for tracking on the other website.
Additionally, many affiliate marketers utilize a link-cloaking plugin for their affiliate links.
Link cloaking allows you to disguise your affiliate links as URLs from your own website, which then redirect users to the intended destination.
How to Disable rel=”noopener” in WordPress
There is no need to eliminate rel="noopener" from your website’s links. It enhances your site’s security without affecting performance or SEO.
If you absolutely need to remove it, you will have to disable the Gutenberg block editor and switch to the classic editor in WordPress.
This is because if you manually remove rel="noopener", the block editor will automatically reinstate it to maintain your site’s safety.
After disabling the block editor, you will need to insert a code snippet into your theme’s functions.php file or use the WPCode plugin (recommended). For guidance on using the WPCode Free Plugin, refer to our tutorial on adding custom code in WordPress easily.
Simply paste the following code into a new PHP snippet:
add_filter('tiny_mce_before_init','wpb_disable_noopener');
function wpb_disable_noopener( $mceInit ) { $mceInit['allow_unsafe_link_target']=true; return $mceInit;
}
Ensure that the ‘Active’ toggle is enabled and then click the ‘Save Snippet’ button.
This will prevent WordPress from automatically adding rel="noopener" to new links. Additionally, you will need to manually update any existing links to remove this attribute.
For greater control over link attributes, we recommend using the All in One SEO (AIOSEO) plugin. AIOSEO allows you to easily add attributes such as nofollow or sponsored directly within the WordPress editor, assisting you in optimizing your external links according to SEO best practices.
Frequently Asked Questions About rel=’noopener’
Here are answers to some of the most frequently asked questions regarding the ‘noopener’ attribute in WordPress.
1. What is the primary purpose of using rel=’noopener’?
The primary purpose of rel="noopener" is to enhance security. It prevents a new tab from gaining control over the original tab that opened it, thereby protecting your visitors from potential phishing attacks.
2. Is rel=’noopener’ beneficial for SEO?
The rel="noopener"The rel=”noopener” attribute does not influence your website’s SEO, either positively or negatively. Its primary purpose is to enhance security, and search engines do not consider it when determining rankings.
3. Is it advisable to remove rel=”noopener” from my links?
No, there is no valid reason to remove rel="noopener". This attribute offers significant security advantages without any adverse effects on SEO or site performance, so it is recommended to keep it.
4. Does WordPress automatically include rel=”noopener”?
Yes, WordPress automatically adds rel="noopener" to links that are configured to open in a new tab. This crucial security feature was introduced in WordPress version 4.7.4 and is now a standard component of the modern block editor.
Expert Guides on Managing Links in WordPress
We hope this article has helped you understand rel="noopener" in WordPress. You might also find these additional guides on link management in WordPress useful:
- Beginner’s Guide to Adding Links in WordPress
- How to Open External Links in a New Window or Tab Using WordPress
- A Simple Guide for Beginners on Adding Nofollow Links in WordPress
- How to Include Title and Nofollow Attributes in the Link Insertion Popup in WordPress
- A Comprehensive Guide to Adding Nofollow to All External Links in WordPress
- Simple Methods to Track Link and Button Clicks in WordPress
- How to Effectively Track Outbound Links in WordPress
- Beginner’s Guide to Changing Link Colors in WordPress
- The Ultimate Guide to Internal Linking for SEO: Best Practices Explained
- How to Preload Links in WordPress to Improve Loading Speed
- Step-by-Step Guide to Finding and Fixing Broken Links in WordPress
- Top Internal Linking Plugins for WordPress: Automatic and Manual Options
If you enjoyed this article, consider subscribing to our YouTube Channel for WordPress tutorials. Connect with us on Twitter and Facebook!
