Hiding your WordPress Version

Did you know that WordPress shows the version number that it is running on in the source code of your blog?

It looks something like this:

<meta name=”generator” content=”WordPress 3.2.1″ />

Like most programs, WordPress often issues updates not just to add new features, but also to fix security problems.

So knowing which version of WordPress you are running, means that a hacker knows which security vulnerabilities your site has, if it’s not the latest version.  The trouble is, sometimes it can take a few days before you update your site, especially if you are running a lot of plug-ins and want to make sure that they are all compatible.

Which is why it makes sense to hide your WordPress version.

Luckily there is a plug-in that can do this for you and it is called “Remove WP Version Everywhere”.  It’s in the WordPress repository, so you can install it from within the administrator dashboard.

There are no settings, just activate it and you should find that the version number disappears from your source code.  Do check it to make sure!

However there are a couple of exceptions that you may come across.

The first is if you are using a really old theme, one that was created in WordPress 2.4 or earlier.  Then you might find this in one of the files, eg. header.php:

<meta name=”generator” content=”WordPress <?php bloginfo(‘version’); ?>” />

In which case it is manually adding the WordPress version to your code, so you’ll need to remove the line as the plug-in will not have any effect.

The second is a plug-in called Shortcode Kid which, whilst being a good plug-in to add special effects to your blog posts, also insists on using a parameter in its own meta data showing the version number.  I have no solution for this, other than dropping the plug-in or hoping that the hackers don’t spot this and are just looking for the generator code.

If you have activated the plug-in, checked out your theme file and still see the version number displayed, then leave a comment below the post or contact me so that we can find out why.

About Graham Tappenden

Graham Tappenden is a blogger from Germany. He has written code for WordPress themes since 2006 and been creating websites since 1994.
This entry was posted in Plug-ins, Security. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *