Coming as the most popular and powerful CMS on the Internet, WordPress always tries its best to bring a safe and comfortable system for businesses to run their websites. To achieve this, the team behind it develops new features and updates via new versions frequently.
It’s recommended to hide your WordPress site version frequently due to security problems. In this article, we’ll guide you on how to hide your WordPress version with 2 methods, manually and using plugins.
But before digging into the details, let’s discuss the risk of having the version of WordPress available and how hackers look up your WordPress number.
How Users and Hackers Can Find Your WordPress Version
There are 3 different ways that visitors or attackers can use to look up your WordPress number. They include viewing your site’s page source, fetching the RSS Feed, and searching your Readme file.
#1 View Page Source
Commonly, anyone can check a WordPress site version by right-clicking on the site, choosing the “View Page Source Option”, then searching for the word “generator.”
It’s placed in the header section, where you can see the WordPress version in the line as below:
<meta name="generator" content="WordPress 4.9.7" />
#2 Check the RSS Feed
Another place containing your WordPress site version is the RSS feed. To fetch the feed, you can type “mysite.com/feed” in your browser and get the result as below:
<generator>https://wordpress.org/?v=4.9.7</generator>
#3 Search Your Readme File
The readme.html file displays your WordPress number right at the top of the page. People can go to yourwebsite.com/readme.html and can easily see it there.
Why Hiding Your WordPress Version
WordPress updates its version commonly not only for offering new powerful versions but also for fixing bug and vulnerability holes.
There is no problem having your WordPress versions available to the public if you update your site regularly. However, in some cases, you may forget this and it creates chances for ill-intentioned users to take advantage of it and attack your site.
When hackers know your WordPress numbers, they can list out of the vulnerability holes, especially when you’re running an old version website. That’s why you need to hide your site version from the public to avoid security risks.
One thing you should notice is that covering the WordPress number doesn’t help tighten your WordPress site. But if you leaving it to be available to everyone, your site becomes a sitting target for attackers.
How to Hide WordPress Version Manually
You have 2 different ways to cover your WordPress version, editing the generator meta tag and using the version removal function. Since a small change in the server can affect the entire site performance, try them only when you’re confident with your coding skills.
#1 Edit Generator Meta Tag
Follow these 2 steps to remove the WordPress version from your generator meta tag:
- Log into your WordPress theme directory and find the /wp-content/themes/ file
- Add this code to the bottom of your WordPress theme’s file functions.php
remove_action('wp_head', 'wp_generator')
Save your changes and that’s all you need to do.
#2 Use Version Removal Function
Similar to the above method, you’re also able to hide your WordPress site version by adding some code to the theme’s file. Still, this code function will be a bit different from the previous one.
- Head to your WordPress theme directory and look for the /wp-content/themes/ file
- Copy the following code and place it at the bottom of your WordPress theme’s file function.php
function remove_version_info() {
return '';
}
add_filter('the_generator', 'remove_version_info');
How to Hide WordPress Number Using Plugins
You’re not techy, are you? So this plugin solution is for you to simplify the process of hiding the WordPress versions. Either Sucuri, WP-Hardening, or the PDA Gold plugin can be a great assistance.
#1 Use Sucuri Plugin for WordPress Version Removal
Without a doubt, Sucuri is the leading WordPress security plugin. It allows you to safeguard your site by monitoring the file integrity, scanning remote malware, monitoring blocklist, and notifying security issues, etc. Sucuri is serving over 800 thousand websites in hardening their security with the satisfaction rate at 4.3/5-star review.
On top of that, the plugin’s free version gives you a helping hand in hiding your WordPress number information automatically. You can get started with the plugin by
- Going to Plugins → Add New in your WordPress dashboard
- Typing “Sucuri” in the keyword box to search for the plugin
- Installing and activating the Sucuri plugin
- Opening Security then choosing Settings in your navigation menu
- Heading to the Hardening tab and enabling the Remove WordPress Version option.
#2 Use WP-Hardening Plugin
Designed for site security audit hardening, WP-Hardening is a real specialized supporter to hide your WordPress version. Thanks to the plugin, you can remove this number with just a click. All you need to do is:
- Install and activate the WP-Hardening plugin for free from the WordPress repository
- Go to the Security Fixers section
- Enable the Hide WordPress Version option at the top of the list
There are other WordPress security areas for you to consider to enhance the site security such as removing the slider revolution meta generator tag or removing the version from the script.
#3 Use PDA Gold Plugin
Prevent Direct Access (PDA) Gold plugin works as a file protection plugin allowing you to secure any of your WordPress media files. Unauthorized users won’t be able to see your private files even though they have the correct URL.
Only certain users with the right role or the file private download links can have access to your images and videos. It’s possible for you to limit access to the file by time as well as clicks.
Besides these powerful features, the plugin gives you the capability to hide the WordPress version right on its Settings page.
- Install and activate the PDA Gold plugin
- Open Prevent Direct Access Gold in the admin sidebar
- Enable the Hide WordPress version option
Ready to Remove Your WordPress Version Number?
It’s dangerous if visitors or hackers know your WordPress versions. They can exploit your site security via known vulnerability holes.
Besides, looking for your WordPress version is just a piece of cake. People can make using the view page source option, check the RSS feed, and search for your readme file.
Depending on your coding skills, you can choose to hide the WordPress number manually or using plugins. The manual method requires you to visit the theme files in your WordPress directory and leave a few lines of code there.
To make it simpler, you can use Sucuri, WP-Hardening, or PDA Gold plugin. Sucuri excels at tightening while WP-Hardening is specially designed for WordPress version removal. On the other hand, the PDA Gold plugin, besides hiding the WordPress version, proves a great tool in protecting your media.
Install PDA Gold now and have your WordPress number removed as well as protecting your precious files!
