Increased WordPress Security: Removing Your Version Number

Because WordPress is such a popular publishing platform, WordPress security is quickly becoming a hot topic. Unfortunately, in the world of online security, there are no 100% solutions. Instead, what we are really looking to do is make our sites more difficult to compromise by closing up some of the security holes that presently exist. For every hole that is plugged, our site becomes a little more secure.

Today’s Hole – Version Numbers

Remember, the hackers most small businesses should be afraid of are the ones looking to exploit sites and servers to carry out their schemes (phishing scams, etc.). These guys (and gals) have tons of scripts sitting “at the ready”, and most of them are designed to work on specific versions of software. So if a hacker knows what version your site is running, he or she knows exactly which exploits to try in order to take control and begin to wreak havoc.

Most places will instruct you to remove the version from the header.php file in WordPress but this isn’t the only place it shows up. Depending on your theme and version it can also show up in your RSS feeds, among other places. The proper way to get rid of this is to eliminate the version number from the entire site.

By adding the following 4 lines of code to the functions.php file in your theme directory, you can completely remove the version number from all “generator” tags.

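The first three lines create a function called “remove_wp_version” that simply returns an empty string. The 4th line adds a filter that hooks it to “the_generator”:

function remove_wp_version() {
    return ''; // an empty string replaces the generator tag
}
add_filter('the_generator', 'remove_wp_version'); // runs for every generator type (HTML, RSS, Atom, ...)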

This way, instead of having to look at all of the different possible locations for the version, you use a core function to eliminate it completely.
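To confirm the filter took effect everywhere the article mentions (page header and feeds), the following added example, which is not part of the original post, scans saved copies of your own pages and feeds for leftover generator tags. The file names, the sample markup and the version 9.9.9 are constructed; the three patterns follow the default WordPress generator output for HTML, RSS 2 and Atom.

```python
import re

# Default shapes of the WordPress "generator" tag in each output type.
GENERATOR_PATTERNS = {
    "html": re.compile(
        r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s*([\d.]*)["\']', re.I),
    "rss": re.compile(
        r'<generator>\s*https?://wordpress\.org/\?v=([\d.]+)\s*</generator>', re.I),
    "atom": re.compile(
        r'<generator\b[^>]*\bversion=["\']([\d.]+)["\'][^>]*>\s*WordPress\s*</generator>', re.I),
}

def find_generator_leaks(documents):
    """Return sorted (name, kind, version) tuples for every generator tag found.

    `documents` maps a label (file name or URL) to the fetched body text.
    """
    leaks = []
    for name, body in documents.items():
        for kind, pattern in GENERATOR_PATTERNS.items():
            for match in pattern.finditer(body):
                leaks.append((name, kind, match.group(1)))
    return sorted(leaks)

# Constructed sample output from a site WITHOUT the filter installed.
BEFORE = {
    "home.html": '<head><title>Blog</title>\n'
                 '<meta name="generator" content="WordPress 9.9.9" /></head>',
    "feed.rss": '<channel><title>Blog</title>\n'
                '<generator>https://wordpress.org/?v=9.9.9</generator></channel>',
    "feed.atom": '<feed><title>Blog</title>\n'
                 '<generator uri="https://wordpress.org/" version="9.9.9">'
                 'WordPress</generator></feed>',
}

# Constructed sample output from the same site WITH the filter installed:
# the_generator returned '' so the tags are simply absent.
AFTER = {
    "home.html": '<head><title>Blog</title>\n</head>',
    "feed.rss": '<channel><title>Blog</title>\n</channel>',
    "feed.atom": '<feed><title>Blog</title>\n</feed>',
}

if __name__ == "__main__":
    for label, docs in (("before", BEFORE), ("after", AFTER)):
        leaks = find_generator_leaks(docs)
        print(label, "->", leaks if leaks else "no generator tags found")
```

Run it against copies of your real home page and feed URLs after editing functions.php; any tuple it reports names an output where the generator tag is still being emitted.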

