Remove the WordPress Generator

Don’t want the world to know what version of WordPress you’re running? You’ve got three options. The first two require you to edit functions.php and let you hide the generator completely or empty the version number. Alternately, you can just use the plugin.

Bask in the safety of WordPress anonymity.

16 thoughts on “Remove the WordPress Generator”

  1. The use of a version cloak only makes sense to me if you’re running a older, less secure version of WP. But then, it would make a lot more sense to simply upgrade WP rather than try to hide the version.

    I may be missing something, though. What other reasons might there be for hiding your installation’s version number?

  2. If i inspect this page html content and robots can do too, i will find path parts like wp-include or wp-content. This indicates WP is been used.
    Digging deeper by inspectation of reponse header you will find:
    This indicates WP version >= 2.5.0 because this first was sent at this one.
    If this header field is missing, WP is <= 2.3.3.
    I think, it has a limited worth to cloak the version. Well done robots will used several indications to detect the right wp version.

  3. True. I wonder if it’s worth trying to defeat the poorly-done robots. And are there poorly-done robots than can be defeated with this technique?

    In addition, can man and robot ever learn to peacefully coexist?

  4. I think, it’s possible to coexist. And even if the robots try to do bad things. My tests with special handling of bad bots or attacks shows, that i can recycle those attacks to work as extended cron jobs and doing as long maintain work as the PHP runtime allows and send back only a thank you page. So also the bad one do reasonable things 😉

  5. It’s no need to use plugin. Just use this code and paste it into your function.php:

    /* Remove WordPress generator meta tag */
    function rmv_generator_filter() {
    return ”; }

    add_filter(‘the_generator’, ‘rmv_generator_filter’);

      1. Yeah, but

        remove_action(‘wp_head’, ‘wp_generator’);

        would still write the generator to the feeds, while

        function no_generator() { return ”; }
        add_filter(‘the_generator’, ‘no_generator’);

        successfully removes ALL generator tags wordpress spits out: the html files, the feeds etc.

        Hope I’m not stepping on any toes here, but I thought it would make sense to make the different results of those approaches clear. 😉

  6. I’m thinking of making a plugin that would remove every trace of wp- from folders, files, content, etc
    I think it’s bs that wordpress has to leave it’s mark everywhere.
    It’s not too difficult, all one needs is a handy find & replace tool.

    wp-content becomes content/, wp-admin becomes admin/ wp-settings become settings, etc

    there’s 4 files that have a $wp- you leave those alone the rest remove.

    I call this a wp-deep-cleaning 🙂

    There’s no trace of wordpress in my install (horay)

Comments are closed.