Removing the WordPress Version

Categories: Blog, Development, WordPress

Mar 12
2011

Removing the WordPress version from your website is just a smart thing to do. Displaying the version number is like telling a burglar that you’re heading out of town for the weekend and no one’s watching your home.

WordPress updates often, and those updates include security fixes for previous versions. So announcing what version of WordPress you are running is just asking to have any security issues exploited.

If you’re designing a custom theme or using a free or paid theme it’s a good idea to strip out any mention of the WordPress version you are using.

The “Not Good” Method

Some sites will recommend that you open up the header.php file and remove the following line:

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />

While this will stop WordPress from showing the version inside the header tags in your source code it doesn’t remove it from any other areas it might be shown.

The “Better than Nothing” Method

Other sites will recommend that you use a hook in your functions.php file that looks like so:

remove_action('wp_head', 'wp_generator');

This will do the same thing as the above method but doesn’t cover other areas where the version may be displayed. In fact the WordPress version is still displayed in your website feed.

If you’re not using feeds and their location cannot be found in your source code you should be pretty well set.  I should note too that some WordPress security plugins will remove the version from your feeds as well. But why risk it?

The “Way to Go” Method

The best way to remove the version from all areas on your website is to make sure the generator returns nothing.  This is done by using a hook in your functions.php file located in your theme directory. Open this file and add in the following lines of code (between the opening and closing PHP tags):

// START: Remove WordPress Version
function lc_remove_version(){ return ''; }
add_filter('the_generator', 'lc_remove_version');
// END: Remove WordPress Version

This simple function hooks the generator filter and tells WordPress to return an empty string wherever the generator would otherwise print the version.
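To confirm which of the three methods actually took effect, check the output your site serves rather than the theme files. The following Python check is an added example, not code from the original article: it scans a saved copy of your own page source and feed for generator tags that still carry a version. The sample HTML and feed strings, including the version 3.1, are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")  # e.g. 3.1 or 3.1.2

class GeneratorMeta(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.found.append(a.get("content") or "")

def html_generator_leaks(html):
    """Return generator meta values in the page source that contain a version."""
    parser = GeneratorMeta()
    parser.feed(html)
    return [c for c in parser.found if VERSION_RE.search(c)]

def feed_generator_leaks(feed_xml):
    """Return <generator> values in an RSS/Atom feed that contain a version."""
    leaks = []
    for el in ET.fromstring(feed_xml).iter():
        if el.tag.rsplit("}", 1)[-1] != "generator":  # ignore XML namespace
            continue
        # RSS 2.0 carries the version in the text (?v=X.Y), Atom in an attribute.
        value = " ".join(filter(None, [el.text, el.get("version")])).strip()
        if VERSION_RE.search(value):
            leaks.append(value)
    return leaks

# Constructed samples (version 3.1 is illustrative only).
HTML_WITH_TAG = '<html><head><meta name="generator" content="WordPress 3.1" /></head></html>'
HTML_CLEAN = "<html><head><title>Blog</title></head></html>"
FEED_WITH_TAG = ('<rss version="2.0"><channel><title>Blog</title>'
                 "<generator>http://wordpress.org/?v=3.1</generator></channel></rss>")
FEED_CLEAN = '<rss version="2.0"><channel><title>Blog</title></channel></rss>'

if __name__ == "__main__":
    # "Better than Nothing": head is clean, feed still leaks.
    print(html_generator_leaks(HTML_CLEAN), feed_generator_leaks(FEED_WITH_TAG))
    # "Way to Go": both clean.
    print(html_generator_leaks(HTML_CLEAN), feed_generator_leaks(FEED_CLEAN))
```

Run it against the page source and feed saved from your own site after each change; an empty list from both functions means no generator tag is exposing the version.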

Conclusion and Notes

Using the “Way to Go” method is the ideal way to go in order to make sure WordPress is not displaying the version number anywhere on your website.  Of course it’s just as important to make sure that you’re staying on top of all the WordPress updates as well.  Just because you’re not showing the version doesn’t mean that you’re 100% secure.

Update

I forgot to mention in this article how a sneaky little WordPress function could still end up showing your WordPress version to the public. For more information and to make sure it doesn’t happen to you, please read the follow-up article: Removing the WP Version – There’s More.
