[Plugin+Manual method] How to Hide WordPress Version Number in Your Website?

Updated on: March 29, 2020

Knowing your WordPress version number, I can list all the known vulnerabilities in it. So can a hacker. Needless to say, it becomes much easier for a hacker to compromise your site if he knows what you are vulnerable to.

Further, lists mapping each WordPress version number to the known vulnerabilities in it are easily available online. Hence, WordPress security best practices always include hiding the WordPress version number, and so should you. You will be surprised to know how small precautions like hiding the WordPress version number can enhance your WordPress security.

In this post, we will provide practical solutions that you can easily apply to hide the WordPress version number. But before that let’s find out how displaying your WordPress version number leaves your site vulnerable.

The Risk in Displaying the WordPress Version Number

All security experts advise against revealing sensitive information to the public. But does the WordPress version number count as sensitive information? Well, it does. The WordPress version number might not be as sensitive as user details or your login credentials, but it still reveals enough information to render your website vulnerable.

Displaying the WordPress version number publicly could make you an easy victim of version-targeted attacks. If you diligently update your website, showing the version number brings no consequence for you. However, if you are using an outdated WordPress version, then displaying it might not be a very prudent idea. Hackers exploit known vulnerabilities in specific versions to enter your website.

How Does a Hacker Look Up Your Version Number?

If you have not yet hidden your version number, anyone can fetch it via the RSS feed, the WordPress readme file, the page source, etc. Each of these is discussed below.

By viewing your site’s page source

You may not know this, but anyone can look up your WordPress version number by viewing your site’s page source.

By default, WordPress executes the wp_generator() function whenever the wp_head() hook is called. After processing your page, the wp_generator() function discloses the version like this:

    <meta name="generator" content="WordPress 2.8.1" />

By fetching your RSS feed

Another way a hacker can see your version number is by fetching your RSS feed. Anyone can request https://www.yourwebsite.com/feed/ and see the version number in the result.

By searching your readme file

Hackers can also scan your WordPress readme.html file to get the WordPress version number. Fetching the readme file is similar to fetching the feed discussed above: request https://www.yourwebsite.com/readme.html, and the browser will return the file if the site is vulnerable.

Hiding WordPress Version Number with a Click

The WP-Hardening plugin makes hiding the WordPress version number much simpler. With WP-Hardening, you can hide your version number with a click.

Here’s how it works:

  1. Install the WP-Hardening plugin.
  2. Activate it.
  3. Now, navigate to the ‘Security Fixers’ tab.
  4. Toggle the switch next to “Hide version number” and you are done.

In addition to hiding the version number, you can harden several other WordPress security areas with the toggle of a button. It provides a hassle-free method to enhance your WordPress security.

How to Hide WordPress Version Number Manually?

We use a “security through obscurity” approach to remove this potential vulnerability. You can hide your WordPress version number in the following ways:

By editing Generator Meta Tag

If you are confident of your coding skills, you can remove the WordPress version number manually from the generator meta tag:

  1. Go to the WordPress themes directory. It can be found in /wp-content/themes/
  2. Add the following line of code at the bottom of the active theme’s functions.php file.
    // Stop wp_head from printing the generator meta tag.
    remove_action('wp_head', 'wp_generator');

By using version removal function

  1. Go to the WordPress themes directory. It can be found in /wp-content/themes/
  2. Add the code below at the bottom of the active theme’s functions.php file.
    // Return an empty string wherever WordPress would output its generator tag.
    function remove_version_info() {
        return '';
    }
    add_filter('the_generator', 'remove_version_info');

Note: Do not make changes to any file if you are not completely sure about its function and utility.
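To confirm the change on your own site, the check below looks for the version in the three places listed earlier (an added example, not part of the original post; the feed and readme formats and the sample bodies are constructed assumptions). It also shows that removing wp_generator from wp_head only cleans the page head, and that readme.html is a static file that neither snippet touches.

```python
import re

# One pattern per disclosure point named in the article. The feed and
# readme formats are assumptions about typical WordPress output.
PATTERNS = {
    "page source": re.compile(
        r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s+([\d.]+)',
        re.I),
    "rss feed": re.compile(
        r'<generator>\s*https?://wordpress\.org/\?v=([\d.]+)', re.I),
    "readme.html": re.compile(r'\bVersion\s+(\d+(?:\.\d+)+)', re.I),
}


def find_version_leaks(responses):
    """Map each source whose body still discloses a version to that version.

    `responses` maps a PATTERNS key to the body fetched from your own site.
    """
    leaks = {}
    for source, body in responses.items():
        match = PATTERNS[source].search(body or "")
        if match:
            leaks[source] = match.group(1)
    return leaks


# Constructed sample bodies (not captured from a real site).
BEFORE = {
    "page source": '<head><meta name="generator" content="WordPress 2.8.1" /></head>',
    "rss feed": "<channel><generator>http://wordpress.org/?v=2.8.1</generator></channel>",
    "readme.html": '<h1 id="logo">WordPress<br /> Version 2.8.1</h1>',
}
# remove_action('wp_head', 'wp_generator') alone: only the page head changes.
AFTER_REMOVE_ACTION = {**BEFORE, "page source": "<head></head>"}
# the_generator filter returning '': head and feed are clean, readme is not.
AFTER_FILTER = {**AFTER_REMOVE_ACTION, "rss feed": "<channel></channel>"}

if __name__ == "__main__":
    for label, sample in (("before", BEFORE),
                          ("after remove_action", AFTER_REMOVE_ACTION),
                          ("after the_generator filter", AFTER_FILTER)):
        print(f"{label}: {find_version_leaks(sample)}")
```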

If you have questions regarding this, let us know in the comment box; we’ll be happy to answer.

Aakanchha Keshri

Aakanchha is a technical writer and a cybersecurity enthusiast. She is an avid reader, researcher, and an active contributor to our blog and the cybersecurity genre in general. To date, she has written over 200 blogs for more than 60 domains on topics ranging from technical to promotional. When she is not writing or researching she revels in a game or two of CS: GO.