Find and Remove WordPress Version Number to Protect from Hackers

By default, WordPress leaves version number on the source code of your WordPress website. The main purpose of the version number is for tracking. If you don’t update WordPress regularly, this footprint may be a security leak and provides useful information for the hackers.

If you are running your website on the recent version of WordPress, you don’t need to worry about it. This tutorial is especially for those lazy guys who still run their website on the older version of WordPress.

How Hackers Find WordPress Version of Your Site?

By Default WordPress Leaves it’s Version Number in the Following places.

  1. Meta Generator Tags in Header Section

By default, WordPress places its version number in Meta Generator tags of your website header section. This tags would look like this.

<meta name="generator" content="WordPress 4.7.3" />
  1. Generator Tags in RSS Feed

The WordPress Version Number can be found under generator tags in the source code of your RSS feed. You can access your sites RSS feed by simply navigating to yourdomain.com/feed. This footprint will look like this.

<generator>https://wordpress.org/?v=4.7.3</generator>
  1. Query strings on scripts and styles

Most of the WordPress Scripts and Styles append the version at the end of URL. If you don’t mention version number for Styles and Scripts when enqueueing them, it automatically uses the current version of WordPress. You can find the query strings by simply inspecting the page source and it will be similar to the following line.

<link rel='stylesheet' id='yarppWidgetCss-css' href='https://wpera.net/wp-content/plugins/yet-another-related-posts-plugin/style/widget.css?ver=4.7.3' type='text/css' media='all' />
  1. WordPress Readme.html file

By default WordPress installation creates a readme.html file in your root directory. This readme.html file contains WordPress version, installation instructions, system requirements etc. You can access this file by entering yourdomain.com/readme.html on your browser.

EX: https://wpera.net/readme.html

wordpress version number readme.html
Readme.html File

These are the 4 ways you can find the version number of WordPress website.

How to Remove WordPress Version Number?

To remove WordPress version number from your site, you need to follow the below steps.

1. Remove WordPress Version from Source Code

To Remove the WordPress version number from the source code of your website, just add the below code in your themes functions.php file.

/* Removes WordPress Version  from the generator tags in your header and RSS feed*/
function remove_version_info() {
return '';
}
add_filter('the_generator', ' remove_version_info ');

/* Hide WordPress version query strings from scripts and styles */
function remove_wp_version_strings( $src ) {
global $wp_version;
parse_str(parse_url($src, PHP_URL_QUERY), $query);
if ( !empty($query['ver']) && $query['ver'] === $wp_version ) {
$src = remove_query_arg('ver', $src);
}
return $src;
}

add_filter( 'script_loader_src', 'remove_wp_version_strings' );
add_filter( 'style_loader_src', 'remove_wp_version_strings' );

The above code completely removes WordPress version number from head section, RSS feed and query string of js and CSS files.

2. Remove Readme.html File

  • You can delete readme.html file by log into cPanel and select file manager.  A new file manager window will be open.
  • Now navigate to the root directory of your WordPress installation and select the readme.html file and click Delete.
  • This deletes the readme.html file from your website.

You can do the above steps by using FTP client FileZilla.

That’s all guys. In This way, you can completely remove version number footprint from our WordPress website.

Note: I always recommend you to use the latest version of WordPress with a strong password.

I am Divakara Ganesh, Heart and Soul of WPEra. I am a blogging addict, WordPress and Genesis Framework lover, web developer. Apart from blogging, I love to listen music and watch movies.

Leave a Comment