Remove WordPress Version Number

Login Manager Lock
If you have been looking into WordPress security then you will notice that one of the most common solutions to help improve WordPress security is is remove the version number on your blog.

By default WordPress will output a meta tag in your header which displays the version number of your WordPress blog. But if you don't update your WordPress blog regularly then you could soon have an out dated blog.

Having an out dated blog can cause you some security issues. If a hacker knows what version you are running then they could know the exactly security loopholes to exploit your blog.

Default WordPress Functionality

By default WordPress will output a meta tag which displays the exact version you are running.

<meta name="generator" content="WordPress 3.2.1" />

This gets added by the wp_generator() function which gets ran during the wp_head() hook. This hook should be placed inside your head tag which is why it will output the meta tag here.

WordPress Security Problems

Displaying your WordPress version isn't too much of a problem if you keep WordPress up to date. It can be argued that if you keep your blog up to date then it's better to display your version number to let hackers know that this is the latest version and you must be pretty good to get round the security loopholes so don't bother trying.

If you don't update your blog regularly then this could display to hackers that your blog is running an old version. When new versions get released they will come out with release notes which tell everyone what was changed in certain versions. If a release was put out for security issues then a hacker can use this fix to reverse engineer a security loophole in your WordPress blog and displaying your version number will make it easier for them to search for a hack.

I always keep my blog up to date so I don't mind too much about displaying the version number because it's always going to be the latest version.

How To Remove The Version Number From WordPress

If you do however want to remove the version number from your WordPress blog it's actually quite easy. All you have to do is add a new filter in your functions.php file.

function remove_version_number() {
     return '';
}

add_filter('the_generator', 'remove_version_number');

Or a cleaner, better method to remove this is to just remove the wp_generator() from the wp_head() like this.

remove_action('wp_head', 'wp_generator');

Just place this single line in your functions.php file and your version number will disappear.

Advertise here

Comment