How to Remove the WordPress Version Number

It is better to remove WordPress version number for security purpose because the version number publicly available makes it easy for attackers to exploit known vulnerabilities on a particular WordPress version. However, there are many other ways which hackers use for the attacks.  For which we protect WordPress blog from XML-RPC attack and password protect the WP-Admin and wp-login.php file.


By default, WordPress insert the version number to page source by executes the wp_generator() function whenever the wp_head()hook is called. If you see yours active theme’s header.php file you can get following line in <head> section <?php wp_head(); ?> which outputs the following code to your page source

<link rel="EditURI" type="application/rsd+xml" title="RSD" href="" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="" />
<meta name="generator" content="WordPress 4.2.1" />

We can easily remove the WordPress Version Number by adding the following code to active theme’s function.php file.

remove_action('wp_head', 'wp_generator');

Now go to your page source and there is no WordPress version number.