Remove WordPress Version Meta Tag

Advertising your WordPress version is not a good thing; if your site is out-of-date, malicious users will be able to see that and target your site with exploits specific to the version of WordPress you’re running.

If you have the version of WordPress you’re running publicized on your site, you would do well to remove it — especially if you aren’t one to immediately update your site to the latest, greatest versions. The most common place a theme may display version information to visitors is your footer, so be sure to check there.

A little less obvious, though, is that some themes may display this bit of code “behind the scenes” in the head area of your site, which you’ll most likely be able to find in your theme’s header.php file:

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />

You can remove that tag with no adverse affects whatsoever, but if you would still like to continue to give WordPress some love without advertising your version, you can replace the tag with this version-free alternative:

<meta name="generator" content="WordPress" />

What if you don’t see the code in header.php but you still see that the tag is being output on your site? Well, unfortunately, WordPress may output version information as a meta tag into the header of sites. WordPress also includes your version in a variety of other things, including feeds and TrackBack/PingBack functions. All of those things expose your version number, but thankfully the fix is simple enough.

Open your theme’s functions.php file (if it exists; if it doesn’t, see below). Add this bit of code to it:

if (function_exists('wp_generator')) remove_action('wp_head', 'wp_generator');
if (!is_admin()) $wp_version = date('Y');

Users of the incomparable Thesis theme framework should instead be modifying custom/custom_functions.php, not functions.php.

If your theme doesn’t contain a functions.php file, go ahead and create one in your theme folder. You’ll want to paste in the same code as above, but make sure to place <?php on a new line before the code and a ?> on a new line after it, so that your functions.php file contains this:

<?php
if (function_exists('wp_generator')) remove_action('wp_head', 'wp_generator');
if (!is_admin()) $wp_version = date('Y');
?>

This will remove the meta tag from the header of your site, and in your themes and other places, your version will be replaced by the date: “WordPress 2008” instead of “WordPress 2.6.2,” for example.

It may be security through obscurity, but it’s a step in the right direction and is dead-simple to implement!

1 thought on “Remove WordPress Version Meta Tag”

Leave a Comment

Your email address will not be published. Required fields are marked *

Use your Gravatar-enabled email address while commenting to automatically enhance your comment with some of Gravatar's open profile data.

Comments must be made in accordance with the comment policy. This site uses Akismet to reduce spam; learn how your comment data is processed.

You may use Markdown to format your comments; additionally, these HTML tags and attributes may be used: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.

the Rick Beckman archive
Scroll to Top