Hiding the WordPress Version

If a weakness is found in WordPress version 4.2 and patched in version 4.2.2, sites identified as running the older version can become targets for attacks.

The WordPress version can be detected in a few places:

– generator meta tag in the header (<meta name="generator" content="WordPress 4.2.2" />)
– RSS feed
– Stylesheets and scripts without a specified version, which get the WP version appended by default (stylesheet.css?ver=4.2.2)
– default readme file

# To hide the WordPress version from the header and from the RSS feed, add the following code to your functions.php

// Return an empty string so no generator tag is printed in the header or the feeds
function wpsos_remove_wp_version() {
    return '';
}
add_filter('the_generator', 'wpsos_remove_wp_version');

# To hide the WordPress version from the stylesheet and script links, strip the version from the links before they are sent to the browser by adding the following lines to functions.php

function wpsos_remove_wp_version_links( $src ) {
    global $wp_version;
    // If the version is set in the link and equals the current WP version
    // (compare against false: strpos() returns a position, which may be 0)
    if ( strpos( $src, 'ver=' . $wp_version ) !== false ) {
        // Remove the version arg from the link
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
add_filter( 'script_loader_src', 'wpsos_remove_wp_version_links' );
add_filter( 'style_loader_src', 'wpsos_remove_wp_version_links' );

# The default readme.html, which contains information about the WordPress version, can be found at http://yoursitename.com/readme.html. If the file is there, remove it.
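
To confirm the filters took effect, the following check (an added example, not code from the original post) scans a rendered page and feed for the version in the header, feed and asset-link locations listed above. The sample markup is constructed, the function and pattern names are this example's own, and readme.html is not covered because it is simply deleted.

```python
import re

# Patterns for the leak locations listed in this post. The regexes and names
# are this example's own assumptions, not WordPress APIs.
META_RE = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]*content=["\']WordPress\s*([\d.]+)',
    re.IGNORECASE)
FEED_RE = re.compile(r'<generator>[^<]*wordpress\.org/\?v=([\d.]+)', re.IGNORECASE)
ASSET_RE = re.compile(
    r'(?:src|href)=["\']([^"\']*[?&](?:amp;|#038;)?ver=([\d.]+)[^"\']*)["\']',
    re.IGNORECASE)


def find_version_leaks(html, feed, core_version):
    """Return (location, detail) pairs for each place the core version appears."""
    leaks = [("meta generator", m.group(1)) for m in META_RE.finditer(html)]
    leaks += [("rss generator", m.group(1)) for m in FEED_RE.finditer(feed)]
    for m in ASSET_RE.finditer(html):
        # Plugins and themes set their own ?ver= values; only an exact match
        # with the core version reveals which WordPress release is running.
        if m.group(2) == core_version:
            leaks.append(("asset link", m.group(1)))
    return leaks


# Constructed sample output: before and after adding the functions.php filters.
BEFORE_HTML = """
<meta name="generator" content="WordPress 4.2.2" />
<link rel="stylesheet" href="http://example.test/wp-content/themes/demo/style.css?ver=4.2.2" />
<script src="http://example.test/wp-content/plugins/demo/demo.js?ver=1.3"></script>
"""
BEFORE_FEED = "<channel><generator>http://wordpress.org/?v=4.2.2</generator></channel>"
AFTER_HTML = """
<link rel="stylesheet" href="http://example.test/wp-content/themes/demo/style.css" />
<script src="http://example.test/wp-content/plugins/demo/demo.js?ver=1.3"></script>
"""
AFTER_FEED = "<channel></channel>"

if __name__ == "__main__":
    for label, html, feed in (("before", BEFORE_HTML, BEFORE_FEED),
                              ("after", AFTER_HTML, AFTER_FEED)):
        leaks = find_version_leaks(html, feed, "4.2.2")
        print(label, "->", leaks if leaks else "no core version found")
```

In practice, feed it the saved source of your own home page and feed, together with the version shown in your dashboard.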

Note: it’s still highly recommended to always update to the latest version of WordPress!
