How to Remove Your WordPress Version Number to Enhance Security

Improve your WordPress security by learning how to effectively hide/remove your WordPress version number. This snippet provides essential steps for security reasons, making your website more robust against potential threats.

<?php

add_filter('the_generator','_return_empty_string');

function remove_version_from_assets($src) {
    $wp_version = get_bloginfo('version');

    if(strpos($src,'ver='.$wp_version) !== false) {
        $src = remove_query_arg('ver',$src);
    }

    return $src;
}
add_filter('style_loader_src','remove_version_from_assets',9999); 
add_filter('script_loader_src',' remove_version_from_assets',9999);

Quick Steps to Remove WordPress Version Number

Follow these simple steps to remove your WordPress version number using WPCodeBox:

1. Install and activate the WPCodeBox plugin, then navigate to WPCodeBox 2 in your WordPress dashboard.
2. Copy the code snippet above and paste it into the WPCodeBox code editor.
3. Give your snippet a descriptive title (like “Remove WordPress Version Number”), select PHP as the type, then click Save.
4. Enable the snippet by toggling the switch to the active position.
5. Verify the changes by viewing your site’s page source and checking that the version number no longer appears in the generator meta tag or asset URLs.

That’s it! Your WordPress version number is now hidden from public view.

Remove WordPress Version Number – Additional Information

WordPress Version Number and Security Concern

The WordPress version number visible in your website’s source code exposes which specific release you’re running. This allows hackers to cross-reference this information with publicly documented vulnerabilities in security databases like CVE (Common Vulnerabilities and Exposures). When attackers discover your version number, they can immediately identify known exploits for that release and launch targeted attacks, potentially stealing sensitive information, locking you out for ransom, or bringing down your site.

Where WordPress Version Numbers Appear

WordPress version numbers appear in three locations on your website:

Generator Meta Tag: The most common location is in the HTML <head> section of your site, where WordPress automatically inserts a meta tag by default:

<meta name="generator" content="WordPress 6.8.3" />

You can find this by right-clicking on your site, selecting “View Page Source,” and searching for “generator.” This tag is added automatically by WordPress themes unless specifically removed.

Scripts and Styles Query Strings: WordPress appends version numbers as query string parameters to CSS and JavaScript files. These appear as:

subscriptions.css?ver=6.8

The version number can represent different things depending on the context. For WordPress core files, it typically reflects the WordPress version itself.

RSS Feed: WordPress includes version information in your site’s RSS feed using a generator tag:

<generator>https://wordpress.org/?v=6.8.3</generator>

When Version Hiding Makes Sense

While disabling the version number alone can’t be considered a comprehensive security solution, there are several situations where it remains beneficial:

• When combined with other security measures, version hiding adds another obstacle for attackers.
• It can deter low-level automated scanners that primarily target easily identifiable vulnerabilities.
• Some site owners prefer not to advertise their technology stack for competitive or branding reasons.
• Certain security compliance frameworks may recommend hiding version information.