Remove the WordPress Generator

By Ian Stewart · July 2nd, 2008

Don’t want the world to know what version of WordPress you’re running? You’ve got three options. The first two require you to edit functions.php and let you hide the generator completely or empty the version number. Alternately, you can just use the plugin.

Bask in the safety of WordPress anonymity.

Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

7 Comments

  1. Phil Barron
    Posted July 3, 2008 at 7:02 pm | Permalink

    The use of a version cloak only makes sense to me if you’re running a older, less secure version of WP. But then, it would make a lot more sense to simply upgrade WP rather than try to hide the version.

    I may be missing something, though. What other reasons might there be for hiding your installation’s version number?

  2. Ian Stewart
    Posted July 3, 2008 at 7:18 pm | Permalink

    If people are looking for WordPress sites to attack and you’re not advertising that your site runs on WordPress …

    That’s basically it.

  3. John
    Posted July 4, 2008 at 9:45 am | Permalink

    Thought I’d mention that the option to hide the WordPress version number (in feeds as well as in the header) is also available in the WordPress Tweaks plugin.

  4. Ian Stewart
    Posted July 4, 2008 at 10:08 am | Permalink

    Thanks for the heads up, John.

  5. codestyling
    Posted July 4, 2008 at 10:34 am | Permalink

    If i inspect this page html content and robots can do too, i will find path parts like wp-include or wp-content. This indicates WP is been used.
    Digging deeper by inspectation of reponse header you will find:
    X-Pingback http://themeshaper.com/xmlrpc.php
    This indicates WP version >= 2.5.0 because this first was sent at this one.
    If this header field is missing, WP is <= 2.3.3.
    I think, it has a limited worth to cloak the version. Well done robots will used several indications to detect the right wp version.

  6. Ian Stewart
    Posted July 4, 2008 at 10:40 am | Permalink

    True. I wonder if it’s worth trying to defeat the poorly-done robots. And are there poorly-done robots than can be defeated with this technique?

    In addition, can man and robot ever learn to peacefully coexist?

  7. codestyling
    Posted July 4, 2008 at 10:49 am | Permalink

    I think, it’s possible to coexist. And even if the robots try to do bad things. My tests with special handling of bad bots or attacks shows, that i can recycle those attacks to work as extended cron jobs and doing as long maintain work as the PHP runtime allows and send back only a thank you page. So also the bad one do reasonable things ;-)

2 Trackbacks

  1. By links for 2008-07-09 (Jarrett House North) on July 8, 2008 at 8:41 pm

    […] Remove the WordPress Generator (ThemeShaper) Options to eliminate the WordPress version number from your source code. (tags: wordpress) […]

  2. By WordPress Tip: Always Remove the WordPress Version Code on July 25, 2008 at 7:56 am

    […] security, you can still remove the meta generator.  It looks like Ian of ThemeShaper has provided a couple methods, including a WordPress plugin to remove the meta generator information from your WordPress blog. […]

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

By submitting a comment here you grant this site a perpetual license to reproduce your words and name/web site in attribution. In addition, you may find yourself fitter, happier and more productive. Comment away.

Subscribe without commenting