Remove WordPress Version Number

Simply because of it’s adoption rate, WordPress sites have become a huge target for hackers. WP now runs more than 56% of all web sites on the Internet. It’s so awesome and flexible it is used by large corporations and for personal blogs. But it also gets a lot of attention from folks that have nefarious intentions.

One of the things hackers do to find easier targets, is look for WordPress sites running older versions that have known bugs in them. So the wonderful folks at Automattic continually update the WordPress code, not only to add functionality, but to fix bugs and strengthen it against attackers.

So, to state the obvious, one way to stay ahead of being the next victim is to use the latest version of WordPress. However, some of you may feel more comfortable by hiding the version number, something known as security through obscurity.

There are plugins that will do this for you, but they add bloat to your site. This can affect your site’s load times. So you want your site to be as quick and nimble as possible.

An easy way to obscure the WordPress version your site is running is by adding the following code snippet to your Theme Functions (functions.php) file.

// Remove WordPress Version Number
function remove_version() {
return '';
}
add_filter('the_generator', 'remove_version');

After updating the functions.php file, when you right-click and select View Page Source, the version number will not be displayed. Check the site with BuiltWith and again this little trick prevent the WordPress version to be displayed. Try it for this site and other sites.

However, you need to know that there are many other WordPress fingerprints throughout the source code. This is just one of the most obvious and most often used.

There is a ReadMe file, for example, included with every WordPress installation. If you go to http://yourdomain.com/readme.html, you’ll find it there if it hasn’t been removed.

My point is that with a little work, anyone with a little determination can find out what WordPress version is running. This little hack is not a substitute for keeping your WordPress up-to-date. The folks behind the WordPress code take security seriously.

By the way, I allow the outside world to see which version of WordPress I am using as typically I update to the latest stable version within a couple of days of it’s release.