WordPress Tips & Tricks
Youtube

What Is rel=”noopener noreferrer” in WordPress? (Explained)

  • Last Updated: March 24, 2026

If you’ve looked at your WordPress site’s source code, you’ve probably noticed rel=”noopener noreferrer” on links that open in a new tab. WordPress adds these attributes automatically, and they show up whether you use the Block Editor or the Classic Editor.

This guide covers what each attribute does, whether they affect your SEO, how they interact with affiliate links, and how to remove them if you need to.

What Is rel=”noopener” in WordPress?

Starting with WordPress 4.7.4 in 2017, WordPress began adding rel=”noopener” to every link with a target="_blank" attribute (links set to “Open in new tab”).

Adding a new link in the WordPress Block Editor with the Open in new tab option toggled on
Adding a new link in the Block Editor with the “Open in new tab” option on

The reason: preventing reverse tabnabbing. Without rel="noopener", a page you link to can access your page’s window.opener object through JavaScript. An attacker could use this to silently replace your tab with a phishing page, like a fake login screen that sends credentials to their server. Because users trust tabs they already have open, this type of attack is especially effective.

Adding rel="noopener" blocks this by preventing the new page from accessing window.opener entirely.

What Is rel=”noreferrer”?

WordPress also adds rel=”noreferrer” alongside noopener in many cases. This attribute serves a different purpose: it strips the Referer header from the outgoing request.

Without noreferrer, when someone clicks a link on your site, the destination site can see the URL they came from. With noreferrer, that referral data is hidden. The linked site won’t know the visitor came from your page.

In short: noopener = security (blocks window.opener access), while noreferrer = privacy (hides referral source). WordPress adds both to give external links an extra layer of protection.

Do Modern Browsers Still Need rel=”noopener”?

Here’s something most guides don’t mention: modern browsers have already solved the tabnabbing problem on their own. Chrome 88 (January 2021), Firefox 79, Safari, and Edge all now treat target="_blank" links as if they have rel="noopener" by default.

This means the rel="noopener" attribute is technically redundant in any browser released after early 2021. WordPress still adds it for backward compatibility with older browsers, which is a reasonable safety net. You don’t need to worry about it either way; it causes no harm and protects the small percentage of visitors using outdated software.

Does rel=”noopener noreferrer” Affect SEO?

No. Neither rel=”noopener” nor rel=”noreferrer” affects your WordPress SEO.

Google treats these as security and privacy attributes, not ranking signals. They don’t pass or block link equity (that’s what rel="nofollow" does). Your outbound links will still count as normal followed links in Google’s eyes, even with noopener and noreferrer attached.

If you want to learn more about how links affect rankings, our WordPress SEO tips guide covers internal and external linking best practices.

noopener vs noreferrer vs nofollow

These three rel attributes look similar but serve completely different purposes:

  • noopener prevents the linked page from accessing your page’s window.opener object. This is a security measure against tabnabbing attacks.
  • noreferrer strips the Referer header so the destination site can’t see where the click came from. This is a privacy measure.
  • nofollow tells search engines not to follow the link or pass ranking authority to the destination. This is an SEO directive, commonly used for paid links, ads, and user-generated content.

You can combine all three on a single link if needed: rel="nofollow noopener noreferrer". Each one operates independently.

Does rel=”noreferrer” Affect Affiliate Links?

This is where noreferrer matters most. Some affiliate programs track conversions using the Referer header to verify that a click came from your site. When WordPress adds rel="noreferrer" to your affiliate links, that referral data gets stripped, and the affiliate network can’t confirm the source.

Most modern affiliate programs (Amazon Associates, ShareASale, Impact) use URL parameters for tracking instead of the Referer header, so noreferrer won’t affect them. Still, if you notice affiliate conversions dropping or your affiliate dashboard shows “direct” traffic instead of referrals from your site, noreferrer is the likely cause.

The safest approach for affiliate links: use rel="sponsored noopener" without noreferrer. This keeps the security protection, preserves referral tracking, and properly identifies the link as sponsored per Google’s guidelines.

How to Remove rel=”noopener noreferrer” in WordPress

Before removing these attributes, consider whether you actually need to. Removing noopener reduces security for visitors on older browsers. Removing noreferrer is more reasonable if you need referral tracking for affiliate links or analytics.

Plugin Method

The easiest option is the Remove Noreferrer plugin. Just install and activate it, and it strips noreferrer from your links automatically.

Code Snippet Method

If you prefer code, WordPress provides the wp_targeted_link_rel filter. You can add this to your theme’s functions.php file or use the Code Snippets plugin. This filter works with both the Block Editor and the Classic Editor.

This snippet removes noreferrer while keeping noopener intact (the recommended approach):

view raw allow-unsafe-link-target-wordpress.php hosted with ❤ by GitHub

This change only applies to new links. To update existing links, use a plugin like Better Search Replace to find and replace noreferrer across your content.

Frequently Asked Questions

Should I Remove rel=”noopener” From My Links?

No. There’s no benefit to removing it. It doesn’t affect SEO, performance, or user experience. It provides a small security benefit for visitors on older browsers, and modern browsers already apply the same protection by default. Leave it in place.

Does WordPress Add rel=”noopener” to Internal Links?

Only if you set the link to open in a new tab. WordPress adds rel="noopener noreferrer" to any link with target="_blank", regardless of whether it points to your own site or an external one. Internal links that open in the same tab don’t get these attributes.

What About rel=”ugc” and rel=”sponsored”?

Google introduced rel="ugc" (user-generated content) and rel="sponsored" in 2019 as alternatives to nofollow. These are SEO directives that help Google understand the nature of a link. They’re separate from noopener and noreferrer, which are browser-level security and privacy attributes. You can combine them: rel="sponsored noopener" is perfectly valid.

In most cases, you don’t need to do anything about rel="noopener noreferrer" in WordPress. It’s a security and privacy feature that works quietly in the background. The only scenario where you should consider changes is if noreferrer is interfering with your affiliate link tracking. In that case, remove noreferrer while keeping noopener in place.

Picture of Andy Feliciotti

Andy Feliciotti

Andy has been a full time WordPress developer for over 10 years. Through his years of experience has built 100s of sites and learned plenty of tricks along the way. Found this article helpful? Buy Me A Coffee

6 Responses

  1. Nicely Explained! Previously I thought that noopener and nofollow are same thing! but your explanation has cleared my wrong thought. Thanks for sharing this helpful content with us.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

WordPress Tips Monthly
Get the latest from SmartWP to your inbox.