Hack: Remove the WordPress Version Number From Your Site

When you view the source of your WordPress pages, you may notice that the version of WordPress you are using appears in the header. Some believe this can be a security risk, as exploits that work on specific versions of WordPress could determine you site’s version and use that to figure out how to attack it. I haven’t seen any real threat, though. But you may want to remove it anyway.

The code included in your page header looks like this:

<meta name="generator" content="WordPress 5.1.1" />

So the meta tag is called generator. And there is a hook for that. By filtering the_generator you can set it to nothing. Then the line doesn’t appear at all, since there is no data. Add it to your functions.php or custom plugin.

add_filter('xthe_generator', 'wpfilter_generator');
function wpfilter_generator() {
     return '';

The nice thing about this code is that it removes the generator from the web pages and from your feeds. Others will suggest using this one line addition instead:

remove_action('wp_head', 'wp_generator');

But the problem here is that the generator remains in your RSS feeds. If you are removing this for security reasons, then I don’t know why you would want to keep it in your feeds.

Leave a Reply

Your email address will not be published. Required fields are marked *