In this article I read, that using <a href="" target="blank"> is related to some security issues. They recommend rel=noopener.

How do I implement this in my WP-Installation? Which file is the relevant one? Thank you.

In this article I read, that using <a href="" target="blank"> is related to some security issues. They recommend rel=noopener.

How do I implement this in my WP-Installation? Which file is the relevant one? Thank you.

• security
• links

Share Improve this question edited Apr 15, 2019 at 11:58 butlerblog 5,13133 gold badges2828 silver badges4444 bronze badges asked Apr 15, 2019 at 7:37 S.HS.H 10544 bronze badges

Add a comment  | 

2 Answers 2

Sorted by: Reset to default 3

Since WordPress 5.1 (see #43187) it ships with the wp_targeted_link_rel() function, that adds noreferrer and noopener relation values to all anchor elements that have a target.

This function is used to filter through the various input data just before saving it, e.g.

• post title,
• post content,
• post excerpt,
• comment content,
• term description,
• link description,
• link notes,
• user description.

Since 5.2 the following improvements are made:

• #46421 handles the Text and HTML widgets.
• #43280 handles the Image Media widget.
• #43290 handles the Menus.

There are open tickets to further refine it, e.g.

• #46886 to avoid false positive from the data-target attribute.
• #46580 asks if there's any reason to add the relations for any values of target.
• 46316 to not let it corrupt JSON content.
• #46479 to handle the comment fields.

If you have some custom user input that allows external links, then you could use:

$text = wp_targeted_link_rel( $text );

to handle it.

The default relation values 'noopener noreferrer' are also filterable through the wp_targeted_link_rel filter.

"Wich file is the relevant one" = All files that allow user generated content to be viewed.

You have to change hook into the_content to change the URLs and add noopener

There is a great answer here: How to add nofollow on all external links without plugin? (and here: A plugin for having rel="nofollow" in posts? ) you should look into.