You Might Not Realize Your Site Is Leaking Data
If you’ve ever clicked a link and had it open in a new tab without your permission, you’ve encountered the target tag. More specifically, you’ve met the `target=”_blank”` attribute in an HTML anchor tag.
While it seems like a simple convenience feature for website owners, its unchecked use is a silent security risk for your visitors and can harm your site’s perceived professionalism. You’re searching for how to remove target tags because you’ve likely spotted them in your code, heard about the security implications, or want to give control back to your users.
This guide will walk you through exactly what the target attribute is, why you should consider removing or securing it, and the practical, step-by-step methods to clean it up across different platforms.
What Is the Target Tag and Why Is It a Problem?
The target attribute in an HTML link (`` tag) tells the browser where to open the linked document. The most common value is `target=”_blank”`, which forces the link to open in a new tab or window.
On the surface, this seems helpful. It keeps your site open in the user’s original tab. However, when used with `target=”_blank”`, the new page gains a small but significant amount of control over the original page through the `window.opener` JavaScript property. This creates a security vulnerability known as tabnabbing or reverse tabnabbing.
A malicious site opened via `target=”_blank”` could potentially redirect your original page to a phishing site without the user noticing. Even without malicious intent, it’s a poor user experience practice to take control of the browsing session away from the visitor.
The Secure Modern Standard
The modern, secure way to open a link in a new tab is to add `rel=”noopener noreferrer”` to the anchor tag alongside `target=”_blank”`. The `noopener` part severs the `window.opener` connection, eliminating the security risk. The `noreferrer` part also prevents the new page from receiving HTTP referrer information about your site.
However, the core of your search intent—removing the target tag—often means one of two things: completely stripping the `target=”_blank”` attribute so links open in the same tab, or finding and securing all instances by adding the proper `rel` attributes. We’ll cover both approaches.
Finding Target Tags in Your Website’s Code
Before you can remove them, you need to find them. The method depends on how your website is built.
For static HTML files or simple templates, you can use your code editor’s search function. Open your project folder and search for the string `target=”_blank”`. Also check for variations like `target=’_blank’` or just `target=`.
If your site uses a Content Management System like WordPress, the tags could be in several places: hardcoded into your theme’s template files (header.php, footer.php, single.php), added by widgets, or inserted by users in post content using the classic editor.
For a quick check, view your site’s frontend, right-click on a page, and select “View Page Source.” Then use your browser’s find function (Ctrl+F or Cmd+F) and search for `target=`.
Checking WordPress Content
In WordPress, a significant source of target tags is the post and page content created with the Classic Editor. The Block Editor (Gutenberg) typically doesn’t add them by default unless a user manually adds the HTML.
To search your WordPress database for these tags, you need a plugin like “Better Search Replace” or “WP Migrate.” You can safely search your `wp_posts` table for the `target=”_blank”` string. Always back up your database before running any search and replace operations.
How to Remove Target Tags Manually from HTML
For direct control over your code, manual removal is straightforward. You simply locate the anchor tag and delete the target attribute.
Find a link that looks like this:
And change it to this:
Now, when a user clicks the link, it will open in the same tab, following standard web behavior. This is the complete removal method.
The Secure Alternative: Adding rel=”noopener noreferrer”
If you prefer to keep links opening in new tabs but want to make them safe, do not remove the target tag. Instead, modify it. Find the insecure link:
And update it to the secure version:
This small addition neutralizes the security threat while maintaining the new-tab behavior you might want for external links.
Automating Removal with Search and Replace
Manually editing hundreds of links is impractical. For static sites, you can use a powerful text editor like Visual Studio Code, Sublime Text, or Notepad++ to perform a project-wide search and replace.
Open your project’s root folder in the editor. Use the global search function. To completely remove `target=”_blank”`, search for:
target=”_blank”
And replace it with nothing (an empty field). Ensure your search is case-sensitive and matches the quotes used in your code. Run this on a copy of your code first to test.
To instead secure all existing `target=”_blank”` links, you need a regular expression (regex) search because you need to find the anchor tags and add the `rel` attribute. A simpler, two-step approach is often safer for beginners.
Two-Step Safe Automation
First, add the secure `rel` attribute to all links that already have a target. Search for:
target=”_blank”
And replace with:
target=”_blank” rel=”noopener noreferrer”
Second, if you want to *change* the behavior so that *only* external links open in a new, secure tab, you need a more advanced approach, typically involving JavaScript or a build-time processing tool. This is where many developers opt for a programmatic solution.
Removing Target Tags in WordPress
WordPress requires a mix of approaches because content lives in the database, not just files.
For content in posts and pages, use a trusted search and replace plugin. Install and activate “Better Search Replace.” Go to Tools > Better Search Replace. In the “Search for” field, enter `target=”_blank”`. In the “Replace with” field, enter nothing to remove it, or enter `target=”_blank” rel=”noopener noreferrer”` to secure it.
Select your database tables, focusing on `wp_posts` and `wp_postmeta`. Check the “Run as dry run” box first to see what will be changed. If the dry run looks correct, uncheck the box and execute the replacement.
Fixing Your WordPress Theme
Target tags in your theme files require editing those files. Go to Appearance > Theme File Editor in your WordPress dashboard. Be extremely careful here, as errors can break your site.
Common files to check are `header.php`, `footer.php`, `sidebar.php`, and any template files for navigation menus. Look for `target=”_blank”` within `` tags. Edit the file directly in the editor, remove or secure the attribute, and click “Update File.”
A safer, recommended method is to use a child theme. Copy the theme file containing the target tag to your child theme directory, edit that copy, and WordPress will use your modified version.
Using JavaScript to Control Link Behavior
If you cannot easily edit the HTML source—for example, with content from a third-party plugin—you can use JavaScript to intercept clicks and modify behavior. This is a “front-end fix.”
The following script, added to your site’s footer, will find all links with `target=”_blank”` that lack the `rel=”noopener”` attribute and automatically add it for security.
document.querySelectorAll(‘a[target=”_blank”]:not([rel*=”noopener”])’).forEach(link => { link.rel = ‘noopener noreferrer’; });
To completely prevent links from opening in new tabs using JavaScript, you can remove the target attribute entirely from all links:
document.querySelectorAll(‘a[target=”_blank”]’).forEach(link => { link.removeAttribute(‘target’); });
Add this code inside `
