How To: Remove the version from WordPress
Ok, you’ve read this title and thought, “Why would I want to remove the version from WordPress…in fact, what does he even mean!?”. By default, WordPress (since version 2.5+) includes the version of WordPress you are using in the HTML code of your site, and does not have an option to remove it.
If you view the source code of your site after you’ve loaded it up in your favorite browser you’ll see a line like so:
<meta name="generator" content="WordPress 3.0">
This seems harmless right? The first rule of security is to be obscure. This means giving people as little information about your configuration as possible. With the version number, it’s possible to narrow down possible exploits. In previous versions of WordPress (before 2.5) it was easy to just remove this from the theme’s header.php file. Well, that’s not the case anymore. Now it’s built into the WordPress Core and you have two options to remove it. First is to go into the functions.php file and pass a “blank” version by adding the following to the bottom of wp-includes/general-template.php but before the closing PHP tag (?>):
function i_want_no_generators()
{
return '';
}
add_filter('the_generator','i_want_no_generators');
Apply those changes, and save the file and you no longer have a version number reporting. Have no fear, the version will still report inside of the admin backend.
Alternatively, if you feel you need more security and don’t want to start messing with the WordPress core than this there is a great plug-in called Secure WordPress. This plug-in offers a wide array of security enhancements that include:
- Removing error-information on login-page
- Adds index.php plugin-directory (virtual)
- Removing the wp-version, except in admin-area
- Removing Really Simple Discovery
- Removing Windows Live Writer
- Removing core update information for non-admins
- Removing plugin-update information for non-admins
- Removing theme-update information for non-admins (only WP 2.8 and higher)
- Hids wp-version in backend-dashboard for non-admins
- Adds string for use WP Scanner
- Blocks bad queries
- Validates your site with a free malware and vulnerabilities scan with SiteSecurityMonitor.com
Have questions, bugs, or feature suggestions? Visit our Facebook page and submit it in the
Discussions