The Right Way to Remove WordPress Version Number

Posted on January 23rd, 2010 by in Tutorials | 28 Comments  
The Right Way to Remove WordPress Version Number

By default WordPress leaves it’s footprints on your site for the sake of tracking. That is how we know that WordPress is the World’s largest Blogging platform. But sometimes this footprint might be a security leak on your site if you are not running the most updated version of WordPress. Because you are providing the hacker with the useful information by telling them which version you are running.

If you are running the most up to date version of WordPress, which we recommend you do, then you do not have to worry about this tutorial at all. But if for some reason you are not, then it is in your best interest to follow this tutorial.

There are many ways to get rid of the WordPress version number from your header. But there is only one correct way to do this.

Some sites will recommend that you open your header.php file and get rid of this code:

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />

Or others will recommend that you open your functions.php and add the following function:

remove_action('wp_head', 'wp_generator');

But both of these ways are offering you an incomplete solution. These ways will simply remove the WordPress version number from your head area. So if someone views your website source, they will not be able to see the version.

But a smart hacker who knows about WordPress will simply go to your RSS Feeds, and they will find your version number there because neither of the above codes will remove that number.

In order for you to completely remove your WordPress version number from both your head file and RSS feeds, you will need to add the following function to your functions.php file:

function wpbeginner_remove_version() {
return '';
}
add_filter('the_generator', 'wpbeginner_remove_version');

By adding this version, you will remove the WordPress version number from all different areas on your site. Above is the right way to remove WordPress Version number.

Note: We still recommend that you update to the latest version of WordPress because that is the only guaranteed way to keep your blog protected.

About

Editorial Staff at WPBeginner mainly Syed and David.

What's Next

Get WPBeginner Articles in your Inbox:

Related Posts
  1. How to Exclude Pages from the Menu in WordPress
  2. How to Change Private and Protected Posts Prefix in WordPress
  3. How to Disable Trackbacks and Pings on Existing WordPress Posts
  4. How to Add Post Thumbnail to your WordPress RSS Feeds
  5. How to Display Link Description with Blogroll in WordPress
Post comment as
twitter logo facebook logo
Sort: Newest | Oldest
brasofilo
brasofilo 5 pts

i wanted to keep the generator without the version number, so i'm returning <meta name="generator" content="WordPress" /> instead of an empty string...

is this correct?

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Nacin

Removing the generator code has nothing to do with security, frankly. If someone is targeting your site in particular, there are other effective ways to determine a version number. If it's just a malicious script, it's going to try every exploit that has ever worked regardless of your version. Indeed, we have never seen an exploit script attempting to do version detection.

Also, the statement "While plugins are great, they somewhat slow your site down," is a bit misleading in this context, I feel. Yes, a lot of plugins that do heavy-lifting will increase drag on a server. But a good amount of core uses the Plugin API to hook into itself, using the same methods as a plugin. And adding this code to functions.php is doing the same thing.

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
N1NJA

Thanks dude worked like a charm thanks again keep up the good work :)

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Smashing Share

Thats really great tip. Working perfect! Thanks

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
topdown

It still leaves the version in the RSS source
http://wordpress.org/?v=2.9.1

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Editorial Staff

Do you have a screenshot? Because we activated this function on a few sites and it didn't show.

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Chuck Reynolds

The only thing that bothers me about this is that it leaves the line open in the header... not normally an issue but my ocd hates that part :)

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Brian

I was using the remove_action method. Can't thank you enough :)

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Ray

Realized that the "Secure WordPress" plugin already does that for you and more. Assuming most people would be interested in securing their Wordpress (not just hiding the version number), it would be better to make use of that plugin to do all these for you.

Incidentally, I got to know of the Secure Wordpress plugin via wpbeginner. http://www.wpbeginner.com/wp-tutorials/11-vital-ti...

Nice work guys! Keep on writing!

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Editorial Staff

While plugins are great, they somewhat slow your site down. Why use a plugin if it can be done with a simple function in your functions.php file. But yes Secure WordPress plugin does that as well on all versions older than 2.4.

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Ray

Would have to agree with you on that: just modding the functions.php would be more efficient than adding a plugin just to remove the version number.

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Nick

Ok, I've found the error.

You must add the created function in the plugin.php file and not in the function.php file.

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Editorial Staff

The whole idea for this code is so you don't have to edit any core files. If you edit plugin.php whenever you next update WordPress it will come back.

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Nick

Ok the error was mine, I was modifying the wrong function.php file.
The correct one is function.php inside the theme directory and not the one in the core.

Thank you!!!

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Nick

It's strange, it gives me the error:
Call to undefined function: add_filter()

But I've checked the plugin.php file and I have obviously the add_filter() funciont defined.

Any suggestion? Ths.

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Editorial Staff

Did you copy and paste the code exactly from this site? It has to be inside php tags.

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Djolhan

It's a nice tips, thanks a lot ! Probably the best way to remove it !

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Duncan

Great tip! nice to see a complete fix tutorial out there.

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Roseli A. Bakar

I'm sure a lot of bloggers doesn't know how to remove the wordpress version correctly, this post is a great help.

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Cayo Medeiros aka. yogodoshi

Will it remove only the version number or the "WordPress" name too?

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Editorial Staff

It will remove both. The entire generator code.

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Tweets about us: