It is better to remove the WordPress version number for security purposes, because a publicly visible version number makes it easy for attackers to exploit known vulnerabilities in a particular WordPress version. However, hackers use many other methods of attack, which is why we also protect the WordPress blog from XML-RPC attacks and password-protect WP-Admin and the wp-login.php file.
How to Remove the WordPress Version Number
By default, WordPress inserts the version number into the page source by executing the wp_generator() function whenever the wp_head() hook is called. If you look at your active theme's header.php file, you will find the line <?php wp_head(); ?> in the <head> section, which outputs the following code to your page source:
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://netzole.com/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://netzole.com/wp-includes/wlwmanifest.xml" />
<meta name="generator" content="WordPress 4.2.1" />
We can easily remove the WordPress version number by adding the following code to the active theme's functions.php file.
remove_action('wp_head', 'wp_generator');
Now view your page source: the WordPress version number is no longer there.
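The line above only covers the generator meta tag printed by wp_head(). The following added example (not code from the original post) goes further and also covers the two other places where core prints the same version string: the generator tag in feeds and the ?ver= parameter on enqueued scripts and styles. The function name example_strip_core_version is a hypothetical name chosen for this illustration.

```php
<?php
// Added example for the active theme's functions.php.
// The function name below is hypothetical; the hooks and helpers are WordPress core.

// 1. The fix from this page: drop <meta name="generator"> from wp_head().
remove_action('wp_head', 'wp_generator');

// 2. Feeds (RSS2, Atom, RDF, comments, export) build their own generator tag
//    and pass it through the 'the_generator' filter. Returning an empty
//    string suppresses it for every feed type.
add_filter('the_generator', '__return_empty_string');

// 3. Scripts and styles enqueued without an explicit version get
//    ?ver=<core version> appended to their URL. Remove the parameter only
//    when it equals the core version, so plugin and theme assets keep their
//    own cache-busting value.
//    Trade-off: browsers may keep serving cached copies of core assets after
//    a WordPress update, because their URLs no longer change.
function example_strip_core_version($src)
{
    if (!is_string($src) || strpos($src, 'ver=') === false) {
        return $src; // nothing to inspect
    }

    $query = parse_url($src, PHP_URL_QUERY);
    if (empty($query)) {
        return $src;
    }

    parse_str($query, $args);
    if (isset($args['ver']) && $args['ver'] === get_bloginfo('version')) {
        $src = remove_query_arg('ver', $src);
    }

    return $src;
}
add_filter('style_loader_src', 'example_strip_core_version', 9999);
add_filter('script_loader_src', 'example_strip_core_version', 9999);
```

After adding it, check the source of a normal page and of the site's feed for the version string, not just the <head> of the home page.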