Security Tip: Remove WordPress Version Information

PhotobloggerA well-known tip in the blogosphere regarding WordPress is to remove the WordPress version from your meta-tags that are automatically generated by your WordPress blog.

This information can be used by potential hackers to pinpoint which version of WordPress you are using and can help them find an exploit to start hacking your website.

Since version 2.5, it is not that easy to remove that information anymore, except via a trick in your theme’s function.php file or via a WordPress Plugin.

To manually remove it from your blog, open up your Theme Editor, and find the functions.php.

Add the following code to the file:

<?php 
add_filter( 'the_generator', create_function('$a', "return null;";) );
?>

by Frank from WPengineer in the comments found on wprecipes.com

Or, if you prefer, install a plugin such as Secure WordPress, which Frank also mentions in his comment.

I have also researched alternative solutions and found a few, such as the bs-wp-noversion (not tested) plugin as well as a plugin by Angsuman Chakraborty, named Angsuman’s WordPress Header Info Remover Plugin (also not tested).

You should be aware, that this tip does not SECURE your WordPress blog, it only removes some information which can aid people trying to hack your blog.

3 Comments

  1. doktertomi on 23/06/2009 at 13:36

    Hai… I am thinking about “not remover” but “changer”. So I will get my wordpress version changed to fake version.



    • Lars Koudal on 24/06/2009 at 03:10

      Hi doktertomi

      Good idea, perhaps change it to something else. Perhaps “Joomla v. 3.112” or something like that 🙂 Then you would REALLY confuse any potential hacker 🙂



  2. Nazar on 17/09/2009 at 08:58

    Great post. Thank you for useful information.



Cleverplugins.com Newsletter

Articles about how to improve your WordPress website, how to get more traffic and most importantly more customers.

Subscribe

Something went wrong. Please check your entries and try again.