16 thoughts on “Remove the WordPress Generator

  1. The use of a version cloak only makes sense to me if you’re running a older, less secure version of WP. But then, it would make a lot more sense to simply upgrade WP rather than try to hide the version.

    I may be missing something, though. What other reasons might there be for hiding your installation’s version number?

  2. If i inspect this page html content and robots can do too, i will find path parts like wp-include or wp-content. This indicates WP is been used.
    Digging deeper by inspectation of reponse header you will find:
    X-Pingback http://themeshaper.com/xmlrpc.php
    This indicates WP version >= 2.5.0 because this first was sent at this one.
    If this header field is missing, WP is <= 2.3.3.
    I think, it has a limited worth to cloak the version. Well done robots will used several indications to detect the right wp version.

  3. True. I wonder if it’s worth trying to defeat the poorly-done robots. And are there poorly-done robots than can be defeated with this technique?

    In addition, can man and robot ever learn to peacefully coexist?

  4. I think, it’s possible to coexist. And even if the robots try to do bad things. My tests with special handling of bad bots or attacks shows, that i can recycle those attacks to work as extended cron jobs and doing as long maintain work as the PHP runtime allows and send back only a thank you page. So also the bad one do reasonable things ;-)

  5. Pingback: links for 2008-07-09 (Jarrett House North)

  6. Pingback: WordPress Tip: Always Remove the WordPress Version Code

  7. Pingback: links for 2009-01-30 « Free Open Source Directory

  8. It’s no need to use plugin. Just use this code and paste it into your function.php:

    /* Remove WordPress generator meta tag */
    function rmv_generator_filter() {
    return ”; }

    add_filter(‘the_generator’, ‘rmv_generator_filter’);

      • Yeah, but

        remove_action(‘wp_head’, ‘wp_generator’);

        would still write the generator to the feeds, while

        function no_generator() { return ”; }
        add_filter(‘the_generator’, ‘no_generator’);

        successfully removes ALL generator tags wordpress spits out: the html files, the feeds etc.

        Hope I’m not stepping on any toes here, but I thought it would make sense to make the different results of those approaches clear. ;)

  9. Pingback: WordPress Tip: Always Remove the WordPress Version Code | Information on how to backup your computer

  10. robuk says:

    I’m thinking of making a plugin that would remove every trace of wp- from folders, files, content, etc
    I think it’s bs that wordpress has to leave it’s mark everywhere.
    It’s not too difficult, all one needs is a handy find & replace tool.

    wp-content becomes content/, wp-admin becomes admin/ wp-settings become settings, etc

    there’s 4 files that have a $wp- you leave those alone the rest remove.

    I call this a wp-deep-cleaning :)

    There’s no trace of wordpress in my install (horay)

Comments are closed.