How to Hide Your WordPress Version Number

How to Hide Your WordPress Version Number

WordPress can track your site, thanks to the footprints it leaves in its software that let the outside world know what version of WordPress you are using.

If you don’t regularly update WordPress, these footprints may be a security leak, though simply hiding your version of WordPress is not enough by itself to protect you from potential threats.

Nevertheless, you may want to be vigilant when it comes to security and remove all traces of your version of WordPress anyway.

In today’s Weekend WordPress Project I’ll show you how to easily hide your version of WordPress from prying eyes.

Hide WordPress
Find out how to hide your version of WordPress.

While researching for this article, I came across many solutions, but none as clean as that of developer Frankie Jarrett’s, with a little tweaking by X-Team developer Weston Ruter, and a little bit more tweaking from myself.

The WordPress version number appears in three areas on your site:

  • The generator meta tag in the header
<meta name="generator" content="WordPress 4.0" />
  • Query strings on scripts and styles

If a script or style doesn’t specify a version number when enqueued, the current version of WordPress is used instead.

subscriptions.css?ver=4.0
  • The generator tag in RSS feeds
<generator>http://wordpress.org/?v=4.0</generator>

To hide your version of WordPress in all three areas, simply add the following code to your functions.php file:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
/* Hide WP version strings from scripts and styles
 * @return {string} $src
 * @filter script_loader_src
 * @filter style_loader_src
 */
function fjarrett_remove_wp_version_strings( $src ) {
     global $wp_version;
     parse_str(parse_url($src, PHP_URL_QUERY), $query);
     if ( !empty($query['ver']) && $query['ver'] === $wp_version ) {
          $src = remove_query_arg('ver', $src);
     }
     return $src;
}
add_filter( 'script_loader_src', 'fjarrett_remove_wp_version_strings' );
add_filter( 'style_loader_src', 'fjarrett_remove_wp_version_strings' );

/* Hide WP version strings from generator meta tag */
function wpmudev_remove_version() {
return '';
}
add_filter('the_generator', 'wpmudev_remove_version');

This code will strip your version number from all three areas of your site. Check your site’s page source before and after adding the code to see how it works.

As I mentioned above, this is certainly not a thorough method for improving security on your site. The only way to ensure your site is secure is to maintain an up-to-date version of WordPress, and also to have a strong username and password