Don’t want the world to know what version of WordPress you’re running? You’ve got three options. The first two require you to edit functions.php
and let you hide the generator completely or empty the version number. Alternately, you can just use the plugin.
Bask in the safety of WordPress anonymity.
The use of a version cloak only makes sense to me if you’re running a older, less secure version of WP. But then, it would make a lot more sense to simply upgrade WP rather than try to hide the version.
I may be missing something, though. What other reasons might there be for hiding your installation’s version number?
If people are looking for WordPress sites to attack and you’re not advertising that your site runs on WordPress …
That’s basically it.
Thought I’d mention that the option to hide the WordPress version number (in feeds as well as in the header) is also available in the WordPress Tweaks plugin.
Thanks for the heads up, John.
If i inspect this page html content and robots can do too, i will find path parts like wp-include or wp-content. This indicates WP is been used.
Digging deeper by inspectation of reponse header you will find:
X-Pingback https://themeshaper.com/xmlrpc.php
This indicates WP version >= 2.5.0 because this first was sent at this one.
If this header field is missing, WP is <= 2.3.3.
I think, it has a limited worth to cloak the version. Well done robots will used several indications to detect the right wp version.
True. I wonder if it’s worth trying to defeat the poorly-done robots. And are there poorly-done robots than can be defeated with this technique?
In addition, can man and robot ever learn to peacefully coexist?
I think, it’s possible to coexist. And even if the robots try to do bad things. My tests with special handling of bad bots or attacks shows, that i can recycle those attacks to work as extended cron jobs and doing as long maintain work as the PHP runtime allows and send back only a thank you page. So also the bad one do reasonable things 😉
It’s no need to use plugin. Just use this code and paste it into your function.php:
/* Remove WordPress generator meta tag */
function rmv_generator_filter() {
return ”; }
add_filter(‘the_generator’, ‘rmv_generator_filter’);
Or simply add
remove_action(‘wp_head’, ‘wp_generator’);
into your themese function.php file
Yeah, but
remove_action(‘wp_head’, ‘wp_generator’);
would still write the generator to the feeds, while
function no_generator() { return ”; }
add_filter(‘the_generator’, ‘no_generator’);
successfully removes ALL generator tags wordpress spits out: the html files, the feeds etc.
Hope I’m not stepping on any toes here, but I thought it would make sense to make the different results of those approaches clear. 😉
I’m thinking of making a plugin that would remove every trace of wp- from folders, files, content, etc
I think it’s bs that wordpress has to leave it’s mark everywhere.
It’s not too difficult, all one needs is a handy find & replace tool.
wp-content becomes content/, wp-admin becomes admin/ wp-settings become settings, etc
there’s 4 files that have a $wp- you leave those alone the rest remove.
I call this a wp-deep-cleaning 🙂
There’s no trace of wordpress in my install (horay)
Thank you very much Great post…thanks for share this. ………
…….