Aswin Lutchanah

Hybrid Social Media Specialist + Php/MySql Developer Metz (Développeur Php/MySql Metz) + SEO-SMO

Remove WordPress version and improve your blog security


Now that you have WordPress installed on your own server, you think that this is it. You think that you may concentrate on the tedious task of creating awesome content. Between you and me, this is definitely time-consuming but necessary! Don’t forget it! Sorry, but you have more work to do with your WordPress blog. In this blog post, I’ll focus on how to remove the WordPress version from your blog to improve your blog security. Note that there are other issues to tackle to have a highly secured WordPress blog. I might write more about it; let me know in the comments section if you want me to do so.

However, before we continue, make sure that your blog is up-to-date (not only the WordPress version but also themes and plugins). An up-to-date WordPress blog has a higher security level, but this is not enough. A hacker who knows your WordPress version can look up the vulnerabilities associated with it and try to exploit them. Let’s see how we can hide your WordPress version from the outside world.

Remove readme.html

The readme.html file is located at the root of your website (e.g. http://www.MYBLOG.com/readme.html, replace www.MYBLOG.com with your own domain name). If you can access this page via your browser, anyone can. As you might have guessed already, this is no good. In fact, this page provides basic information about your installation: WordPress version, installation & upgrade instructions, etc.

Delete the readme.html file!
WordPress adds the readme.html file every time you update to a newer version. Remember to delete it each time you make an update.

Good job! This was the easiest of the places where the WordPress version is displayed! Don’t worry, if you follow my instructions, the next parts should be easy too.

Remove WordPress version in META Generator Tag

WordPress automatically adds its version number to the Meta Generator tag. You can check this by having a look at the head section of the page source of any page of your blog. You should find something similar to the HTML code below (X.Y will be replaced by a decimal number, which is your WordPress version).

    <meta name="generator" content="WordPress X.Y"/>

Needless to say, you need to hide this. I’ve prepared a simple function that does it. 💡 The following function not only removes the meta generator tag but also removes the display of the WordPress version from various parts of your website.

    // Return an empty string so WordPress prints no generator tag.
    function asw_remove_wp_version() {
        return '';
    }
    add_filter('the_generator', 'asw_remove_wp_version');

You are now wondering what you should do with this function, right? You need to add it to the functions.php file in your active theme’s folder; advanced users can edit that file directly. There’s a high probability that you didn’t design your own WordPress theme. If this is the case, note that it’s a good practice to have a child instance of that theme so that you don’t lose all your modifications every time you update the theme. Anyway, here’s the procedure to add this function to the functions.php file in your active theme folder:

In the admin section of your WordPress, go to Appearance->Editor.
Select your active theme from the dropdown list.
Select Theme Functions (functions.php) on the right column.
Move your cursor to the end of the file and paste the function above.
Press the Update File button.

You may now go to any page of your blog and check the page source; the WordPress meta generator tag should have disappeared. Remember to refresh your page (just saying 😬).

Remove query strings with WordPress version from static resources

We are almost done. The following function needs to be added to the functions.php file in the same way as above.

But what is the use of this function? 🤔

It will remove your WordPress version in the query strings of your static resources (i.e. script and style files). The WordPress version is automatically added in the query strings of some static files (e.g. http://www.MYBLOG.com/wp-includes/css/dashicons.min.css?ver=X.Y where X.Y is your WordPress version).

    // Cut the URL at "?ver" so the version query string is dropped.
    function asw_remove_querystring_version($sUrl) {
        $aUrl = explode('?ver', $sUrl);
        return $aUrl[0];
    }
    // Apply to both script and style URLs (priority 15, one argument).
    add_filter('script_loader_src', 'asw_remove_querystring_version', 15, 1);
    add_filter('style_loader_src', 'asw_remove_querystring_version', 15, 1);
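
The filter above cuts the URL at "?ver", so it leaves a version that follows another argument as "&ver=" in place, and it also strips the versions that plugins and themes set for cache busting. The block below is an added example, not the author's code: an alternative that removes only a ver argument equal to the core version. The helper name asw_strip_core_version and the sample URLs are assumptions made for illustration.

```php
<?php
// Added example, not the post's code. The helper name is hypothetical.

// Drop the "ver" argument only when it equals the WordPress core version,
// wherever it sits in the query string. Other arguments, and plugin or
// theme versions used for cache busting, are kept (and stay visible).
function asw_strip_core_version($sUrl, $sCoreVersion) {
    if (!is_string($sUrl) || strpos($sUrl, '?') === false) {
        return $sUrl; // nothing to strip
    }
    list($sBase, $sQuery) = explode('?', $sUrl, 2);

    // Set any #fragment aside so it is re-attached untouched.
    $sFragment = '';
    $iHash = strpos($sQuery, '#');
    if ($iHash !== false) {
        $sFragment = substr($sQuery, $iHash);
        $sQuery    = substr($sQuery, 0, $iHash);
    }

    $aKept = array();
    foreach (explode('&', $sQuery) as $sPair) {
        if ($sPair !== '' && $sPair !== 'ver=' . $sCoreVersion) {
            $aKept[] = $sPair;
        }
    }
    return $sBase . ($aKept ? '?' . implode('&', $aKept) : '') . $sFragment;
}

if (function_exists('add_filter')) {
    // Inside WordPress: hook both loaders at the post's priority.
    $fnStrip = function ($sUrl) {
        return asw_strip_core_version($sUrl, get_bloginfo('version'));
    };
    add_filter('script_loader_src', $fnStrip, 15, 1);
    add_filter('style_loader_src', $fnStrip, 15, 1);
} else {
    // Stand-alone run on constructed URLs; "X.Y" stands in for the version.
    foreach (array(
        'http://www.MYBLOG.com/wp-includes/css/dashicons.min.css?ver=X.Y',
        'http://www.MYBLOG.com/wp-includes/js/a.js?lang=fr&ver=X.Y',
        'http://www.MYBLOG.com/wp-content/plugins/p/p.js?ver=1.4.2',
    ) as $sSample) {
        echo asw_strip_core_version($sSample, 'X.Y'), "\n";
    }
}
```

Leave out the opening <?php line when pasting this at the end of functions.php, and use it in place of the function above rather than alongside it.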

That’s all for now! If you liked this article, use the social media share buttons to spread it online. I’ll be very grateful! 🙏🏾

Posted In: PHP, Web Development
