Home Blog WordPress Management How to Hide the WordPress Version from the Generator Meta Tag

Hiding WordPress Version from Meta Tag

How to Hide the WordPress Version from the Generator Meta Tag

An out of the box installation of WordPress discloses the version number in the Generator meta tag and in the RSS feeds. Therefore everyone who accesses your website knows what software you are running and which version. This article explains how to hide the WordPress version from the generator meta tag and from the RSS feeds generated by WordPress.

WP White Security Tip: This article is for educational purposes only. By hiding the version of WordPress you do not improve the security of your WordPress. It is always recommended to run the latest version of WordPress to ensure malicious hackers do not exploit known vulnerabilities and hack into your WordPress blogs and websites.

WordPress Version Disclosure in the Generator Meta Tag and RSS Feed

By default WordPress uses the Generator meta tag in the website’s html <head> section to disclose the version number, as seen in the below example:

&amp;amp;amp;amp;amp;lt;meta name=&amp;amp;quot;generator&amp;amp;quot; content=&amp;amp;quot;WordPress 3.5.1&amp;amp;quot; /&amp;amp;amp;amp;amp;gt;

To check if the version of your WordPress is being disclosed or not; navigate to your website, right click anywhere on the website, select “View Page Source” and search for the word generator. The Generator meta tag can be found in the HTML head section, which is all the text in between the <head> and </head> HTML tags.

WordPress also discloses the version number in the default WordPress RSS feed as seen in the below example:

https://wordpress.org/?v=3.5.1

To check if WordPress is disclosing the version in the RSS feed, navigate to your website, add /feed/ or /feed=rss at the end of the URL and search for the word generator. E.g. www.WP White Security.com/feed/.

Hide WordPress Version Number from Generator Meta Tag

To hide the WordPress version number from Generator meta tag, add the below line of code at the bottom of the activated WordPress theme’s file functions.php. WordPress themes can be found in the /wp-content/themes/ directory.

remove_action('wp_head', 'wp_generator');

Hide WordPress Version Number from the RSS Feeds

To hide the WordPress version number from the default RSS feeds, add the below code at the bottom of the activated WordPress theme’s file function.php.

function remove_wp_version_rss() {
return'';
}

add_filter('the_generator','remove_wp_version_rss');

Once you update your functions.php file, refresh the page and you should not find the word generator in the page’s source.


10 thoughts on “How to Hide the WordPress Version from the Generator Meta Tag

    1. Hey Andy,

      Please have in mind that this article is for educational purposes only.

      By hiding the version of WordPress, you do not improve the security of your WordPress. It is always recommended to run the latest version of WordPress to ensure malicious hackers do not exploit known vulnerabilities and hack into your WordPress blogs and websites.

      Also, note that this is hiding the version only from the generator meta tag, but the version can still be seen on other places.

      Hope the above helps.

      Cheers,
      Rado

      1. This is interesting. I think it is good for security so any bots scraping for vulnerable versions of WP won’t pick up the version number. Where else is it located?

        1. Thank you for your comment Dan. As explained in the article, this is for educational purposes only. You shouldn’t hide the version of WordPress as a security measure as you will end up playing a cat and mouse game. The best way to protect your website against such threat is to keep the website up to date.

    1. Hello Ali,

      Thanks for reaching out!

      Please note that this article is for educational purposes only and by hiding the version of WordPress you do not improve the security of your website.

      As mentioned in the article, keep in mind that it’s always recommended to run the latest version of WordPress to ensure malicious actors do not exploit known vulnerabilities and hack into your WordPress blogs and websites.

      Regards

    1. Hey Bobby,

      Thanks for letting us know.
      We are aware of that and as explained in the article, this doesn’t improve the security of your WordPress website.

      For more information, check the link in the article.

      Regards,


Leave a Reply

Your email address will not be published. Required fields are marked *

Stay in the loop

Subscribe to the Melapress newsletter and receive curated WordPress management and security tips and content.

Newsletter icon

It’s free and you can unsubscribe whenever you want. Check our blog for a taste.

Envelope icon

Gain insights into your WordPress sites like a pro with our comprehensive guide to WordPress oversight

Close
The Ultimate Guide to WordPress Oversight

 Boost your sites’ security and management! Download our free eBook on WordPress oversight.

Uploading WP 2FA as a zip file in WordPress
WP 2FA in the WordPress plugin repository
Close

Installing WP 2FA Free

Congratulations on taking the first step towards enhancing your WordPress site's security with WP 2FA Free! You're now on your way to protecting your valuable data and ensuring peace of mind. No coding or technical knowledge is required.

 

Below are two ways to install WP 2FA on your website:

Go to your plugin dashboard on your site, then go to "Add New", and then search for WP 2FA.

Download the WP 2FA plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading CAPTCHA 4WP as a zip file in WordPress
CAPTCHA 4WP in the WordPress plugin repository
Close

Installing CAPTCHA 4WP Free

Well done you. You're one step closer to safeguarding your WordPress website from spam and automated attacks with CAPTCHA 4WP. You'll be able to effortlessly integrate CAPTCHA into your forms and enjoy a website with enhanced security.

 

Below are two ways to install CAPTCHA 4WP on your website:

Go to your plugin dashboard on your site, then go to "Add New", and then search for CAPTCHA 4WP.

Download the CAPTCHA 4WP plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading WP Activity Log as a zip file in WordPress
WP Activity Log in the WordPress plugin repository
Close

Installing WP Activity Log Free on your website

You deserve a pat on the back for choosing to record user actions and changes on your website. That is the first step towards better user accountability, easier troubleshooting of website security, and many other benefits of issues.

 

Below are the two ways to install WP Activity Log on your website:

Go to your plugin dashboard on your site, then go to "Add New" and then search for WP Activity Log.

Download the WP Activity Log plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading Melapress Login Security as a zip file in WordPress
Melapress Login Security in the WordPress plugin repository
Close

Installing Melapress Login Security Free

Congratulations on taking control of your WordPress website's security by implementing robust login and password policies with Melapress Login Security. You can change your login page URL, limit failed login attempts, and reset passwords.

 

Below are two ways to install Melapress Login Security on your website:

Go to your plugin dashboard on your site, then go to "Add New" and then search for Melapress Login Security.

Download the Melapress Login Security plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2