It is better to remove WordPress version number for security purpose because the version number publicly available makes it easy for attackers to exploit known vulnerabilities on a particular WordPress version. However, there are many other ways which hackers use for the attacks.  For which we protect WordPress blog from XML-RPC attack and password protect the WP-Admin and wp-login.php file.

How to Remove the WordPress Version Number

How to Remove the WordPress Version Number

By default, WordPress insert the version number to page source by executes the wp_generator() function whenever the wp_head()hook is called. If you see yours active theme’s header.php file you can get following line in <head> section <?php wp_head(); ?> which outputs the following code to your page source

<link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://netzole.com/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://netzole.com/wp-includes/wlwmanifest.xml" />
<meta name="generator" content="WordPress 4.2.1" />

We can easily remove the WordPress Version Number by adding the following code to active theme’s function.php file.

remove_action('wp_head', 'wp_generator');

Now go to your page source and there is no WordPress version number.

Pin It on Pinterest

Shares
Share This