Remove WordPress Version Number
Remove WordPress version number from header and RSS feeds for better security
Code
1 // Remove version from head 2 remove_action('wp_head', 'wp_generator'); 3
4 // Remove version from RSS feeds 5 add_filter('the_generator', '__return_empty_string'); 6
7 // Remove version from scripts and styles 8 function remove_version_scripts_styles($src) { 9 if (strpos($src, 'ver=')) { 10 $src = remove_query_arg('ver', $src); 11 } 12 return $src; 13 } 14 add_filter('style_loader_src', 'remove_version_scripts_styles', 9999); 15 add_filter('script_loader_src', 'remove_version_scripts_styles', 9999);
Remove WordPress Version Number
This snippet removes the WordPress version number from various locations in your site, which is a basic security hardening practice. Hiding your WordPress version makes it harder for attackers to target known vulnerabilities in specific versions.
// Remove version from head
remove_action('wp_head', 'wp_generator');
// Remove version from RSS feeds
add_filter('the_generator', '__return_empty_string');
// Remove version from scripts and styles
function remove_version_scripts_styles($src) {
if (strpos($src, 'ver=')) {
$src = remove_query_arg('ver', $src);
}
return $src;
}
add_filter('style_loader_src', 'remove_version_scripts_styles', 9999);
add_filter('script_loader_src', 'remove_version_scripts_styles', 9999);
Why This Matters
Security Through Obscurity: While not a complete security solution, hiding your WordPress version removes one piece of information that attackers can use to target your site.
Professional Appearance: Removing version strings from source code looks more professional and prevents clients or competitors from easily identifying your CMS.
Where to Add This Code
- functions.php: Add to your child theme's functions.php file
- Custom Plugin: Better practice - create a mu-plugin in
/wp-content/mu-plugins/ - Site Plugin: Include in your custom site functionality plugin
Related Snippets
Disable WordPress XML-RPC
Disable XML-RPC to improve security and prevent brute force attacks
// Method 1: Completely disable XML-RPC
add_filter('xmlrpc_enabled', '__return_false');
// Method 2: Block XML-RPC requests
...WordPress Limit Login Attempts
Add brute force protection by limiting failed login attempts
// Limit login attempts
function limit_login_attempts() {
// Get IP address
$ip = $_SERVER['REMOTE_ADDR'];
...Enable SVG Upload Support in WordPress
Safely allow SVG file uploads in WordPress media library
// Enable SVG uploads
function enable_svg_upload($mimes) {
$mimes['svg'] = 'image/svg+xml';
$mimes['svgz'] = 'image/svg+xml';
...