Don’t want the world to know what version of WordPress you’re running? You’ve got three options. The first two require you to edit functions.php and let you hide the generator completely or empty the version number. Alternately, you can just use the plugin.
Bask in the safety of WordPress anonymity.
Don't forget: You should follow me on twitter here.
My name is Ian Stewart. I’m a professional designer, and WordPress enthusiast, trying to shape how we think about the exciting and dynamic world of WordPress themes.
Back in 2006 I took my first tentative steps into the world of theme design. I didn’t know it at the time but those first steps would change how I think about design completely. Since then, I've done my best to change how we all think about designing WordPress themes.
Come and check out what I'm linking to and thinking about by following me around on Twitter and StumbleUpon
You're looking at a custom WordPress Child Theme based on the highly extensible and, quite frankly, ninja-like, Thematic Theme.
Thematic is a WordPress Theme Framework that gives you all sorts of options for customizing your WordPress theme in a super-smart, bulletproof fashion. Better yet, it's Free. Get started with it today by finding out more about it.
Want a custom Thematic-based theme like this one? You're in luck. There's a whole bunch of folks waiting patiently to help you get started rockin' WordPress with the Thematic Theme Framework. Visit the services page and contact one of them today.
9 Comments
The use of a version cloak only makes sense to me if you’re running a older, less secure version of WP. But then, it would make a lot more sense to simply upgrade WP rather than try to hide the version.
I may be missing something, though. What other reasons might there be for hiding your installation’s version number?
If people are looking for WordPress sites to attack and you’re not advertising that your site runs on WordPress …
That’s basically it.
Thought I’d mention that the option to hide the WordPress version number (in feeds as well as in the header) is also available in the WordPress Tweaks plugin.
Thanks for the heads up, John.
If i inspect this page html content and robots can do too, i will find path parts like wp-include or wp-content. This indicates WP is been used.
Digging deeper by inspectation of reponse header you will find:
X-Pingback http://themeshaper.com/xmlrpc.php
This indicates WP version >= 2.5.0 because this first was sent at this one.
If this header field is missing, WP is <= 2.3.3.
I think, it has a limited worth to cloak the version. Well done robots will used several indications to detect the right wp version.
True. I wonder if it’s worth trying to defeat the poorly-done robots. And are there poorly-done robots than can be defeated with this technique?
In addition, can man and robot ever learn to peacefully coexist?
I think, it’s possible to coexist. And even if the robots try to do bad things. My tests with special handling of bad bots or attacks shows, that i can recycle those attacks to work as extended cron jobs and doing as long maintain work as the PHP runtime allows and send back only a thank you page. So also the bad one do reasonable things
It’s no need to use plugin. Just use this code and paste it into your function.php:
/* Remove WordPress generator meta tag */
function rmv_generator_filter() {
return ”; }
add_filter(‘the_generator’, ‘rmv_generator_filter’);
Or simply add
remove_action(‘wp_head’, ‘wp_generator’);
into your themese function.php file
4 Trackbacks
[...] Remove the WordPress Generator (ThemeShaper) Options to eliminate the WordPress version number from your source code. (tags: wordpress) [...]
[...] security, you can still remove the meta generator. It looks like Ian of ThemeShaper has provided a couple methods, including a WordPress plugin to remove the meta generator information from your WordPress blog. [...]
[...] Remove the WordPress Generator Don’t want the world to know what version of WordPress you’re running? You’ve got three options. The first two require you to edit functions.php and let you hide the generator completely or empty the version number. Alternately, you can just use the plugin. (tags: The WordPress Generator Remove) Possibly related posts: (automatically generated)muslimedia.netTapping the Vortex for Green Energy [...]
[...] security, you can still remove the meta generator. It looks like Ian of ThemeShaper has provided a couple methods, including a WordPress plugin to remove the meta generator information from your WordPress blog. [...]