If you’re looking to hide the publicly displayed version of WordPress you’re currently running, this trick will certainly help you go stealth.
Why would this be useful?
Some people prefer to keep the type of software they use to power their website private. This helps in doing so.
In addition, it adds another layer of security from malicious bots comb the web looking for websites to target. One of their criteria is looking at WordPress version numbers (and web server versions for that matter). If it can’t find your WP version number, it’ll likely move on.
Will this prevent my site from being hacked?
While this will help deter would-be attackers from targeting your site, it by no means will completely prevent an attack from occurring.
There have been previous WordPress vulnerabilities identified and patched so your best protection is to always keep your WordPress and plugins up-to-date.
Plugins, however, are much more susceptible to exploits which is why we always review plugin source code before using it on appthemes.com. A good example is the recent TimThumb plugin exploit that affected thousands of websites. A quick search in our server logs showed multiple attempts to locate a TimThumb script (which didn’t exist).
If you aren’t a developer, then reviewing source plugin code is not an option. Instead, make sure the plugin has good reviews and has been downloaded at least a few hundred times.
How do I remove the version number?
Now that we’ve educated you a bit on WordPress security, here’s how to remove it from the front-end code on your site. It can be found in both your header (meta tag & script/css urls) and RSS feeds.
If you view your websites’ source code, you’ll see a meta tag like so. This identifies your site as using WordPress and the version number. Say hello and goodbye because we’ll be removing it.
<meta name="generator" content="WordPress 3.4.1" /> |
Add the following code to your theme’s functions.php file.
// remove wp version meta tag and from rss feed function at_remove_wp_ver_meta_rss() { return ''; } add_filter( 'the_generator', 'at_remove_wp_ver_meta_rss' ); |
Next, we’ll want to remove the version number (ver=3.4.1) from any javascript and css urls. If you view your websites’ source code again, you’ll probably see something like this:
<link rel='stylesheet' href='/wp-includes/css/admin-bar.css?ver=3.4.1' type='text/css' /> |
You’ll notice the version number is being appended to the url. Below the code you pasted from above, add the following to your functions.php file.
// remove wp version param from any enqueued scripts function at_remove_wp_ver_css_js( $src ) { if ( strpos( $src, 'ver=' ) ) $src = remove_query_arg( 'ver', $src ); return $src; } add_filter( 'style_loader_src', 'at_remove_wp_ver_css_js', 9999 ); add_filter( 'script_loader_src', 'at_remove_wp_ver_css_js', 9999 ); |
That should take care of any WordPress version numbers from blatantly being displayed. If you still see them in the urls, it’s likely that your current theme or plugin(s) aren’t correctly loading scripts.
They should be using wp_enqueue_script() and/or wp_enqueue_style(). Either the plugin/theme developer needs to change it or stop using the plugin/theme.
Why doesn’t AppThemes remove the version number?
Because we’re invincible to all threats near and far. We wear our WordPress colors with pride and have no problems displaying the version of WordPress we run.
Jokes aside, we’re a team of WordPress developers who work with the latest version of WordPress daily. Anytime an update is rolled out, we know days ahead of time and always keep our site updated.
The moral of the story is to always keep your WordPress and plugins up-to-date. Luckily WordPress makes it easier than ever (one-click incremental updates) to keep your site safe and secure. Also having a backup strategy is important which we’ll cover in another tutorial.
Like this tutorial? Subscribe and get the latest tutorials delivered straight to your inbox or feed reader.