By default, WordPress leaves version number on the source code of your WordPress website. The main purpose of the version number is for tracking. If you don’t update WordPress regularly, this footprint may be a security leak and provides useful information for the hackers.
If you are running your website on the recent version of WordPress, you don’t need to worry about it. This tutorial is especially for those lazy guys who still run their website on the older version of WordPress.
How Hackers Find WordPress Version of Your Site?
By Default WordPress Leaves it’s Version Number in the Following places.
- Meta Generator Tags in Header Section
By default, WordPress places its version number in Meta Generator tags of your website header section. This tags would look like this.
<meta name="generator" content="WordPress 4.7.3" />
- Generator Tags in RSS Feed
The WordPress Version Number can be found under generator tags in the source code of your RSS feed. You can access your sites RSS feed by simply navigating to yourdomain.com/feed. This footprint will look like this.
<generator>https://wordpress.org/?v=4.7.3</generator>
- Query strings on scripts and styles
Most of the WordPress Scripts and Styles append the version at the end of URL. If you don’t mention version number for Styles and Scripts when enqueueing them, it automatically uses the current version of WordPress. You can find the query strings by simply inspecting the page source and it will be similar to the following line.
<link rel='stylesheet' id='yarppWidgetCss-css' href='http://www.wpera.net/wp-content/plugins/yet-another-related-posts-plugin/style/widget.css?ver=4.7.3' type='text/css' media='all' />
- WordPress Readme.html file
By default WordPress installation creates a readme.html file in your root directory. This readme.html file contains WordPress version, installation instructions, system requirements etc. You can access this file by entering yourdomain.com/readme.html on your browser.
EX: http://www.wpera.net/readme.html
These are the 4 ways you can find the version number of WordPress website.
How to Remove WordPress Version Number?
To remove WordPress version number from your site, you need to follow the below steps.
1. Remove WordPress Version from Source Code
To Remove the WordPress version number from the source code of your website, just add the below code in your themes functions.php file.
/* Removes WordPress Version from the generator tags in your header and RSS feed*/
function remove_version_info() {
return '';
}
add_filter('the_generator', ' remove_version_info ');
/* Hide WordPress version query strings from scripts and styles */
function remove_wp_version_strings( $src ) {
global $wp_version;
parse_str(parse_url($src, PHP_URL_QUERY), $query);
if ( !empty($query['ver']) && $query['ver'] === $wp_version ) {
$src = remove_query_arg('ver', $src);
}
return $src;
}
add_filter( 'script_loader_src', 'remove_wp_version_strings' );
add_filter( 'style_loader_src', 'remove_wp_version_strings' );The above code completely removes WordPress version number from head section, RSS feed and query string of js and CSS files.
2. Remove Readme.html File
- You can delete readme.html file by log into cPanel and select file manager. A new file manager window will be open.
- Now navigate to the root directory of your WordPress installation and select the readme.html file and click Delete.
- This deletes the readme.html file from your website.
You can do the above steps by using FTP client FileZilla.
That’s all guys. In This way, you can completely remove version number footprint from our WordPress website.
Note: I always recommend you to use the latest version of WordPress with a strong password.
