Hiding the WordPress Version

If a weakness is found in WordPress 4.2 and patched in 4.2.2, sites identified as still running the older version become targets for attacks.

The WordPress version can be detected in a few places:

- The generator meta tag in the header (<meta name="generator" content="WordPress 4.2.2" />)
- The RSS feed
- Stylesheets and scripts enqueued without a specified version, which get the WP version appended by default (stylesheet.css?ver=4.2.2)
- The default readme file

# To hide the WordPress version from the header and from the RSS feed, add the following code to your functions.php:

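```php
// Return an empty string in place of the generator markup, which removes
// the version from the page header and from the feeds.
function wpsos_remove_wp_version() {
    return '';
}
add_filter( 'the_generator', 'wpsos_remove_wp_version' );
```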

# To hide the WordPress version from the stylesheet and script links, strip the version from the links before they are sent to the browser by adding the following lines to functions.php:

```php
function wpsos_remove_wp_version_links( $src ) {
    global $wp_version;
    // If the version is set in the link and equals the current WP version.
    // strpos() returns false when there is no match, so compare strictly.
    if ( strpos( $src, 'ver=' . $wp_version ) !== false ) {
        // Remove the version arg from the link
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
add_filter( 'script_loader_src', 'wpsos_remove_wp_version_links' );
add_filter( 'style_loader_src', 'wpsos_remove_wp_version_links' );
```

# The default readme.html, which contains information about the WordPress version, can be found at http://yoursitename.com/readme.html. If the file is there, remove it.
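To confirm the changes took effect on your own site, the following added example (not part of the original article) scans saved copies of a page, the feed and readme.html for the known core version at the four locations listed above. The function name, the sample markup and the example.test host are constructed for illustration, and the readme pattern assumes the file prints the release as "Version x.y.z".

```python
import re


def find_version_leaks(wp_version, page_html="", feed_xml="", readme_html=""):
    """Return [(location, hit_count)] for each place wp_version is still exposed."""
    v = re.escape(wp_version)
    checks = [
        ("generator meta tag", page_html,
         r'<meta[^>]+name=["\']generator["\'][^>]*WordPress\s+' + v + r'["\']'),
        # Only ver= values equal to the core version count; a plugin's own
        # ver=1.3 is not a core leak. [?&;] also covers &amp; and &#038;.
        ("asset link", page_html,
         r'(?:href|src)=["\'][^"\']*[?&;]ver=' + v + r'(?=["\'&])'),
        # WordPress feeds carry <generator>...wordpress.org/?v=X</generator>.
        ("RSS feed generator", feed_xml,
         r'<generator>[^<]*wordpress\.org/\?v=' + v + r'\s*<'),
        # Assumption: readme.html prints the release as "Version X".
        ("readme.html", readme_html, r'Version\s+' + v + r'(?![\d.])'),
    ]
    found = []
    for location, text, pattern in checks:
        hits = len(re.findall(pattern, text, re.I))
        if hits:
            found.append((location, hits))
    return found


# Constructed sample responses (not captured from a real site).
BEFORE_PAGE = """<head>
<meta name="generator" content="WordPress 4.2.2" />
<link rel="stylesheet" href="http://example.test/style.css?ver=4.2.2" />
<script src="http://example.test/plugin.js?ver=1.3"></script>
</head>"""
BEFORE_FEED = "<channel><generator>http://wordpress.org/?v=4.2.2</generator></channel>"
BEFORE_README = "<h1>WordPress<br /> Version 4.2.2</h1>"

# The same responses after the functions.php changes and readme removal.
AFTER_PAGE = """<head>
<link rel="stylesheet" href="http://example.test/style.css" />
<script src="http://example.test/plugin.js?ver=1.3"></script>
</head>"""
AFTER_FEED = "<channel><title>Demo</title></channel>"

if __name__ == "__main__":
    print(find_version_leaks("4.2.2", BEFORE_PAGE, BEFORE_FEED, BEFORE_README))
    print(find_version_leaks("4.2.2", AFTER_PAGE, AFTER_FEED, ""))
```

An empty list for the "after" responses means none of the four locations still shows the core version; the plugin's own ver=1.3 is left in place, as it is by the filter above.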

Note: it’s still highly recommended to always update to the latest version of WordPress!