--- title: "How to Hide Your WordPress Version? A Comprehensive Security Guide" description: "Your WordPress site publicly displays its version number, which can be an invitation for hackers. Learn how to effectively hide this information and increase security using proven methods and best practices." date: 2017-09-15 updated: 2025-07-26 category: Web Development tags: ["WordPress", "security", "webmastering", "functions.php"] url: https://uper.pl/en/blog/how-to-hide-wordpress-version/ --- # How to Hide Your WordPress Version? A Comprehensive Security Guide A default WordPress configuration makes its version number publicly visible in your site's source code. While this may seem like a minor detail, it is actually valuable information for potential attackers. In this comprehensive guide, we will show you why you should hide your WordPress version, how to do it step-by-step with code or plugins, and also explain the limitations of this method. ## The Main Threat: How Attackers Exploit the Version Number Revealing your WordPress version number is asking for trouble. This operates on the principle of "security through obscurity," which is not sufficient protection on its own but serves as an important layer of defense. The main threat is that hackers use automated bots to scan thousands of websites for specific, outdated WordPress versions that have known security vulnerabilities. **Example of an attack:** Let's say WordPress version 5.7.1 had a critical security flaw that was fixed in version 5.7.2. An attacker could: 1. Use a script to find all sites that declare version `5.7.1` in their source code. 2. Launch an automated attack that exploits this specific vulnerability on all found sites. By hiding your version number, your site will not appear on such a list, significantly reducing the risk of a massive, automated attack. ### Where Does WordPress Reveal Its Version? Before we get to the solutions, let's identify where this information appears: 1. **`generator` meta tag**: In the `` section of your site, there is a line similar to this: ``. 2. **`ver=x.x.x` parameters**: A version parameter is appended to the end of links to CSS and JavaScript files, e.g., `style.css?ver=6.5.5`. 3. **RSS Feeds**: The `feed` files can also contain information about the generator version. ## Method 1: Modify the `functions.php` File (Recommended) This is the cleanest and most efficient method as it does not require installing an additional plugin. It involves adding a few lines of code to your theme's `functions.php` file. ### Warning: Edit the `functions.php` File Safely! - **Use a Child Theme:** Changes made directly to the main theme's `functions.php` file will be overwritten and lost during its update. Always work with a child theme. - **Make a backup:** Before making any changes, create a backup of the file. - **Errors can break your site:** Even a minor syntax error (e.g., a missing semicolon) can cause the "white screen of death." ### Step-by-Step: How to Add the Code? 1. Go to your WordPress admin panel. 2. Select `Appearance` > `Theme File Editor` from the menu. 3. On the right side, in the "Theme Files" section, find and click `functions.php` (Theme Functions). 4. Scroll to the very bottom of the file and paste the code below. 5. Click "Update File." ### Complete Code for `functions.php` ```php /** * Hides the WordPress version to increase security. * * This collective function performs three tasks: * 1. Removes the 'generator' meta tag from the section. * 2. Removes version information from RSS feeds. * 3. Removes the '?ver=' parameter from script (JS) and style (CSS) URLs. */ function uper_remove_wordpress_version() { // Remove generator meta tag remove_action('wp_head', 'wp_generator'); // Remove version from RSS add_filter('the_generator', '__return_empty_string'); // Remove version from CSS and JS // This callback function will be used for both filters $remove_version_callback = function($src) { if (strpos($src, 'ver=')) { $src = remove_query_arg('ver', $src); } return $src; }; add_filter('style_loader_src', $remove_version_callback); add_filter('script_loader_src', $remove_version_callback); } add_action('after_setup_theme', 'uper_remove_wordpress_version'); ``` Note that all the code has been wrapped in a single function that is triggered by the `after_setup_theme` hook, which is a good practice. ## Method 2: Use Security Plugins (for Beginners) If you are not comfortable editing code, you can use plugins that will do the job for you. This is also a good solution as they offer comprehensive security features. 1. **WP Hide & Security Enhancer:** This is a plugin specialized in hiding various default WordPress paths and information. 2. **Wordfence Security:** One of the most popular all-in-one security suites. Although its main focus is a firewall and malware scanner, the "Hardening" options often include a feature to hide the version. 3. **Sucuri Security:** Another popular plugin that, in its "Hardening" section, allows you to disable the display of the WordPress version with a single click. The advantage of using a comprehensive plugin is that hiding the version is just one of many protective features you get. ## Limitations of the Method: What Hiding the Version Will NOT Provide You must be aware that "security through obscurity" has its limits. A determined hacker can still try to guess your WordPress version, for example, by: - Analyzing JavaScript files or their content that are unique to a specific version. - Checking for changes in the HTML structure that are characteristic of specific releases. - Analyzing the `readme.html` file in the root directory, if it has not been removed. Hiding the version effectively protects against mass, automated attacks, but it is not a substitute for a solid security strategy. ## Summary: Updates Are Your Absolute Priority Hiding your WordPress version is a smart and simple step that makes life harder for amateurs and automated bots. However, remember that **no hiding technique can replace the most important security rule: regular updates.** Always keep the WordPress core, plugins, and themes on the latest, stable versions. It is the updates that contain fixes for critical security vulnerabilities. ---