Beginner's Guide for WordPress / Start your WordPress Blog in minutes

How to Disable Post oEmbed on Your WordPress Site

WordPress 4.4 introduced a post oEmbed feature which allows others to embed your WordPress posts into their own site by adding the post URL. In this article, we will show you how to disable post oEmbed on your WordPress site.

How to Disable Post oEmbed on Your WordPress Site

What is Post oEmbed in WordPress and Why You Should Disable it

OEmbed provides an easy way to embed content from one site to another. Many popular websites like Flickr, YouTube, Twitter, and others use it.

Websites that allow other websites to embed their content using oEmbed protocol are called oEmbed providers.

WordPress supports many oEmbed providers by default that’s why you can easily embed videos, Tweets, Instagram photos, and much more by just pasting the URL and not the embed code.

Since WordPress 4.4, all WordPress sites using the latest version will become an oEmbed provider themselves. This means other bloggers can add your posts to their site by simply adding the post URL in their own posts.

WordPress post embeds

There is no harm in leaving it enabled on your website. It only allows other websites to show a small summary of your content with post title and featured image.

How to Diable Post oEmbed on Your WordPress Site

First thing you need to do is install and activate the Disable Embeds plugin. It works out of the box, and there are no settings for you to configure.

Simply activating the plugin will disable oEmbed for your posts on other WordPress sites.

That’s all. We hope this article helped you disable oEmbed for posts on your WordPress site. You may also want to see our list of 40 useful tools to manage and grow your WordPress blog.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit – a collection of WordPress related products and resources that every professional should have!

Reader Interactions

21 CommentsLeave a Reply

    • You would want to reach out to the plugin’s support and they should be able to take a look at the cause of the possible issue.

      Admin

    • It would depend on what crawlers you mean but the main goal of this would be to prevent your posts from being embedded using oembed rather than preventing something that crawls your RSS feed

      Admin

  1. Hi. My concern is not whether others can embed my content, but instead, I want to PREVENT iframe embeds by WordPress on my own pages when I include a link to another site. How can I do that?

    I have a problem on one site on which I include a list of links to help people, but one of the links causes a pop-up registration box for the external site in the Safari browser on all Apple devices. If I visit the external page, however, there is no registration pop-up.

    It’s very off-putting and confusing for any visitor to my site to encounter a pop-up registration box from an external site about 5 seconds after loading the page from my site. I would also like the option to block oembeds when I include links to external sites on a page. How can I do that? I haven’t been able to find any way to stop my own site’s pages from including embeds in iframes on my pages. Can anyone offer a solution? Thanks in advance! :)

  2. The caption says “… and Why You Should Disable it”, but the story says “There is no harm in leaving it enabled on your website.” I tend to agree with the latter, unless I’m missing something.

    Why would we want to disable a feature that allows someone, who found our content useful, to easily post a nice summary of it on their own site? It seems like there are only upsides to that, unless the new feature has negatives like security holes, or it’s resource-intensive or something.

      • “no downside”.. except the oembed script added by wp_head function shows your site owner username.. The hackers job just got cut in half.

        • It does not show username, instead it shows author name. You can edit your WordPress profile and under ‘Display Publicly As’ select a user nicename, this could be your first or last name, or a nickname. If you are more security conscious then you can use a username that is even harder to guess.

        • The field author_name shows the authors name. But the field author_url ends with the username slug. I have changed nickname in the admin panel and nicename in the db and still it shows the username like this in the json format:

          “author_url”:”http:\/\/website.com\/author\/username\/

      • Yes, there is most definitely a downside to this bug (this is not a feature, a feature is something you *want*, not something you don’t want that you need to take extra steps to get rid of.) See me other just-submitted comment about how this is aggravatingly interfering with my ability to post code examples on my blog..

    • Um, this is a very stupid feature that should have been opt-in, not opt-out. I run a tech blog, and I am trying to post about apache mod_rewrite rules, and I can’t use URLs in my examples because it keeps “helpfully” embedding content instead of leaving my posts as I type them, ruining my example code. Totally aggravating.

  3. Thanks for that hint.
    Is there an option to add a code snippet to the functions.php for example instead of another plugin?

    • Rather than adding a lot of code I recommend to block other sites from displaying your content in an iframe which is what the oembed feature does. Add the following lines to your .htaccess file:

      Header set X-XSS-Protection “1; mode=block”
      Header always append X-Frame-Options SAMEORIGIN
      Header set X-Content-Type-Options: “nosniff”

      • the comments strip out some code, next try:

        ´

        Header set X-XSS-Protection “1; mode=block”
        Header always append X-Frame-Options SAMEORIGIN
        Header set X-Content-Type-Options: “nosniff”

        ´

        • Well, I have no idea how to post a code here. The three lines have to sit between a conditional “ifModule mod_headers.c” . However lines with “smaller”/”greater” arrows are filtered out in the comments (i guess this is a html tag strip feature).

      • 2nd try

        <ifModule mod_headers.c>
        Header set X-XSS-Protection "1; mode=block"
        Header always append X-Frame-Options SAMEORIGIN
        Header set X-Content-Type-Options: "nosniff”
        </ifModule>
        • Was wondering if someone would mention this. I’d bet a lot of those 404’s are from other sites: search engines following links to removed content, images …

Leave a Reply to Neil Cancel reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.