Remove your WordPress version number

WordPress security is a pretty hot topic lately. As a WordPress developer you can take some basic steps that will put you way ahead of the curve. Different versions of WordPress, or any other web application for that matter, have different bugs and vulnerabilities. This is one of the main reasons software updates come out on a regular basis.
If a hacker knows that WordPress 2.7.2 (just an example) has a vulnerability it would be much easier for him to just hack 2.7.2 sites and not waste his time on newer versions that have already been patched. Most WordPress hacks are not done by hand. Hackers create scripts, bots, worms, and other programs to search the web for WordPress sites with vulnerabilities. If you are looking for a specific version of WordPress to exploit it is a whole lot easier if the potential victim is broadcasting what version of WordPress they are using. For better or for worse WordPress shows what version you have installed by default. If you use a web browser to view the source code of your WordPress site you will likely see the version number in a generator meta tag inside the <head> of your HTML document.
One of the many great things about WordPress is that it is almost totally customizable without using hacks. We suggest using a filter to get rid of the version number. WordPress uses tons of actions to make your blog work. One of the hundreds of hooks in a WordPress site is the one that prints your version number into the head of your site. A filter is a function of WordPress that allows you to modify most text or data before it is printed to the screen or entered into the database. This is great because we don't need to modify any of the core WordPress code, we can just filter it.
```php
// Return an empty string in place of the generator string WordPress would print.
function remove_version_number() {
    return "";
}
add_filter('the_generator', 'remove_version_number');
```
So before I tell you where to put this code snippet let me tell you how it works. It simply adds a filter to the the_generator hook in WordPress. So when WordPress needs to get the version number to print out it runs this filter, which takes the version number and then returns nothing. If you look at the line where it says:
return "";
You can probably guess that instead of returning the version number from the the_generator hook, WordPress will return nothing.
So now that you know how it works, do it. Just take this snippet of code and paste it carefully into your theme's functions.php file. By default you will find your functions.php file in /wp-content/themes/your_theme_name/functions.php. There are several places you can put this snippet to make it work but we like keeping it inside of the theme.
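The generator tag is not the only place WordPress prints its version: the cache-busting `?ver=` query string on enqueued scripts and styles defaults to the same value. The following is an added example, not code from the original post, that goes a step further than the snippet above by also stripping that default `ver=` value from asset URLs; the function name `example_strip_wp_version_query` is our own, and it assumes a stock WordPress install where `get_bloginfo('version')` returns the running version.

```php
<?php
// Added example (not from the original post). Goes in the theme's
// functions.php alongside the the_generator snippet above.

// 1. The generator meta tag in <head> and the <generator> element in the
//    RSS/Atom feeds both pass through the_generator, so one filter covers
//    both. __return_empty_string is a WordPress core helper.
add_filter( 'the_generator', '__return_empty_string' );

// 2. Enqueued scripts and styles get a version query string, e.g.
//    /wp-includes/js/jquery/jquery.min.js?ver=6.4.2
//    When a theme or plugin did not set its own version, WordPress falls
//    back to the core version. We strip only that default value, so asset
//    URLs that carry a theme/plugin-specific version keep busting caches.
function example_strip_wp_version_query( $src ) {
    $query = parse_url( $src, PHP_URL_QUERY );
    if ( ! $query ) {
        return $src;
    }
    parse_str( $query, $args );
    if ( isset( $args['ver'] ) && $args['ver'] === get_bloginfo( 'version' ) ) {
        // remove_query_arg() is the WordPress core helper for this.
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
// Late priority so we run after other code that may rewrite the URL.
add_filter( 'script_loader_src', 'example_strip_wp_version_query', 9999 );
add_filter( 'style_loader_src',  'example_strip_wp_version_query', 9999 );
```

Removing the string only stops the scanners that key on it; it does not change what is actually installed, so it complements keeping WordPress updated rather than replacing it.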
We think that being a good developer means paying attention to the little things. Just like you we are constantly learning new tips and tricks that make our sites better and better.
One Comment
Glad to see you guys putting out some interesting stuff. This is a part of the WordPress process most people probably don’t think about, myself included. Glad to see the tip. Thanks.