How to Hide the WordPress Version from the Generator Meta Tag

Last updated on December 05th, 2014 by Robert Abela. Filed under WordPress Security

An out of the box installation of WordPress discloses the version number in the Generator meta tag and in the RSS feeds. Therefore everyone who accesses your website knows what software you are running and which version. This article explains how to hide the WordPress version from the generator meta tag and from the RSS feeds generated by WordPress.

WP White Security Tip: This article is for educational purposes only. By hiding the version of WordPress you do not improve the security of your WordPress. It is always recommended to run the latest version of WordPress to ensure malicious hackers do not exploit known vulnerabilities and hack into your WordPress blogs and websites.

WordPress Version Disclosure in the Generator Meta Tag and RSS Feed

By default WordPress uses the Generator meta tag in the website’s html <head> section to disclose the version number, as seen in the below example:

<meta name="generator" content="WordPress 3.5.1" />

To check if the version of your WordPress is being disclosed or not; navigate to your website, right click anywhere on the website, select “View Page Source” and search for the word generator. The Generator meta tag can be found in the HTML head section, which is all the text in between the <head> and </head> HTML tags.

WordPress also discloses the version number in the default WordPress RSS feed as seen in the below example:

http://wordpress.org/?v=3.5.1

To check if WordPress is disclosing the version in the RSS feed, navigate to your website, add /feed/ or /feed=rss at the end of the URL and search for the word generator. E.g. www.WP White Security.com/feed/.

Hide WordPress Version Number from Generator Meta Tag

To hide the WordPress version number from Generator meta tag, add the below line of code at the bottom of the activated WordPress theme’s file functions.php. WordPress themes can be found in the /wp-content/themes/ directory.

remove_action('wp_head', 'wp_generator');

Hide WordPress Version Number from the RSS Feeds

To hide the WordPress version number from the default RSS feeds, add the below code at the bottom of the activated WordPress theme’s file function.php.

function remove_wp_version_rss() {
 return'';
 }

add_filter('the_generator','remove_wp_version_rss');

Once you update your functions.php file, refresh the page and you should not find the word generator in the page’s source. For more information on how to update WordPress files refer to our tutorial How to use FTP to edit and upload files to your WordPress blog or website.

WordPress Hosting, Firewall and Backup

This Website is:

2 comments

aboubaker 06/12/2013

no, “Hide WordPress Version Number from the RSS Feeds” code not working in newest version in wordpress

Robert Abela 14/12/2013

Hi Aboubaker,

We have tested the code up until WordPress version 3.8, which was released yesterday and it works. If you have any caching plugin, clear the cache and try again. Should you have any queries, just get in touch with us and will gladly assist you.

Leave a Reply

Your email address will not be published. Required fields are marked *