The Correct Way to Remove the WordPress Version to Increase Security

WordPress Version Number
What a WordPress version number looks like on a live WordPress site.

On a default WordPress install, WordPress automatically outputs the current WordPress version number into the “<head>” of your website in what’s called a “meta” tag. While this is helpful for various statistics, it can create a security risk to your WordPress site.

If a hacker knows which version of WordPress a website is running, it can make it easier for a hacker to target a known WordPress security issue. Because of this risk, it is better to remove the WordPress version number to keep your WordPress website secure. Thankfully, this is easy to do.

However, keep in mind that removing the WordPress version number is no substitute for staying up to date with the latest version of WordPress. Be sure to check out our free WordPress tutorial on how to update to the latest version of WordPress.

Incorrect Ways to Remove the WordPress Version Number

Incorrect Method #1

Old versions of WordPress relied on the WordPress theme to output the WordPress version number. So in order to remove the WordPress version number, WordPress site managers had to find the following line in the WordPress theme’s header.php and remove it.

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />

But now WordPress itself automatically adds the WordPress version number to your WordPress site’s <head>, and WordPress themes no longer contain that code, so this method of removing the WordPress version number doesn’t work.

Incorrect Method #2

Some websites will tell you the way to remove WordPress’ version number is by adding the following to your WordPress theme’s functions.php:

remove_action('wp_head', 'wp_generator');

However, this method is incorrect. While it will remove the WordPress version from your WordPress theme’s head, it is still possible for a hacker to discover your WordPress version by going to your WordPress site’s RSS feeds.

The Correct Way to Remove the WordPress Version Number

Add the following code to your WordPress theme’s functions.php.

// Return an empty string for every generator tag WordPress builds (page <head> and feeds).
function remove_wp_version() { return ''; }
add_filter('the_generator', 'remove_wp_version');

Using this method to remove the WordPress version, you will remove the WordPress version number from your WordPress theme files as well as from the WordPress RSS feed.
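To confirm the change took effect, check both the page output and the feed output for leftover generator markup. The script below is an added example, not code from the original article: the function name find_generator_leaks is hypothetical, and the sample markup is constructed with the placeholder version 0.0.0.

```python
import re

# Patterns for the generator markup WordPress emits by default.
PATTERNS = {
    "html meta tag": re.compile(
        r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s*([\d.]*)["\']', re.I),
    "rss2 generator": re.compile(
        r'<generator>\s*https?://wordpress\.org/\?v=([\d.]+)\s*</generator>', re.I),
    "atom generator": re.compile(
        r'<generator\b[^>]*\bversion=["\']([\d.]+)["\'][^>]*>\s*WordPress\s*</generator>', re.I),
}


def find_generator_leaks(documents):
    """Return (document name, kind, version) for each generator tag found."""
    leaks = []
    for name, markup in documents.items():
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(markup):
                leaks.append((name, kind, match.group(1)))
    return leaks


# Constructed sample output; "0.0.0" is a placeholder version.
PAGE_WITH_TAG = '<head><meta name="generator" content="WordPress 0.0.0" /><title>Blog</title></head>'
PAGE_CLEAN = '<head><title>Blog</title></head>'
FEED_WITH_TAG = ('<rss version="2.0"><channel>'
                 '<generator>https://wordpress.org/?v=0.0.0</generator></channel></rss>')
FEED_CLEAN = '<rss version="2.0"><channel><title>Blog</title></channel></rss>'

# The three states the article walks through.
SCENARIOS = {
    "default install": {"home page": PAGE_WITH_TAG, "rss feed": FEED_WITH_TAG},
    "remove_action on wp_head only": {"home page": PAGE_CLEAN, "rss feed": FEED_WITH_TAG},
    "the_generator filter": {"home page": PAGE_CLEAN, "rss feed": FEED_CLEAN},
}

if __name__ == "__main__":
    for label, docs in SCENARIOS.items():
        leaks = find_generator_leaks(docs)
        print(label, "->", leaks or "no generator markup found")
```

To use it on your own site, save the HTML of a page and the XML of each feed you publish, then pass their contents in place of the constructed samples.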

WordPress Security and Whiteboard

Be sure to check out the Whiteboard Framework for WordPress, as it already includes this method of removing the WordPress version as well as other security tweaks and many other features to speed up WordPress development.
