The WPMU DEV Blog

How to Hide Your WordPress Version Number

Tutorials

By Raelene Morey 28 Sep 2014
12 comments
Hide Your WordPress Version Number

WordPress can track your site, thanks to the footprints it leaves in its software that let the outside world know what version of WordPress you are using.

If you don’t regularly update WordPress, these footprints may be a security leak, though simply hiding your version of WordPress is not enough by itself to protect you from potential threats.

Nevertheless, you may want to be vigilant when it comes to security and remove all traces of your version of WordPress anyway.

In today’s Weekend WordPress Project I’ll show you how to easily hide your version of WordPress from prying eyes.

Hide WordPress
Find out how to hide your version of WordPress.

The WordPress version number appears in three areas on your site:

  • The generator meta tag in the header
<meta name="generator" content="WordPress 4.0" />
  • Query strings on scripts and styles

If a script or style doesn’t specify a version number when enqueued, the current version of WordPress is used instead.

subscriptions.css?ver=4.0
  • The generator tag in RSS feeds
<generator>http://wordpress.org/?v=4.0</generator>

To hide your version of WordPress in all three areas, simply add the following code to your functions.php file:


/* Hide WP version strings from scripts and styles
* @return {string} $src
* @filter script_loader_src
* @filter style_loader_src
*/
function fjarrett_remove_wp_version_strings( $src ) {
global $wp_version;
parse_str(parse_url($src, PHP_URL_QUERY), $query);
if ( !empty($query['ver']) && $query['ver'] === $wp_version ) {
$src = remove_query_arg('ver', $src);
}
return $src;
}
add_filter( 'script_loader_src', 'fjarrett_remove_wp_version_strings' );
add_filter( 'style_loader_src', 'fjarrett_remove_wp_version_strings' );

/* Hide WP version strings from generator meta tag */
function wpmudev_remove_version() {
return '';
}
add_filter('the_generator', 'wpmudev_remove_version');

This code will strip your version number from all three areas of your site. Check your site’s page source before and after adding the code to see how it works.

As I mentioned above, this is certainly not a thorough method for improving security on your site. The only way to ensure your site is secure is to maintain an up-to-date version of WordPress, and also to have a strong username and password

All the good WordPress stuff, once every two weeks

Subscribe

Leave a comment