For security reasons, it is a good practice to remove the automatically generated WordPress version numbers from the head section of the page.
Here is a custom function to remove those unwanted WordPress version information from all pages. You can add this code to your (child) theme’s functions.php file.
function wordpress_version_remove() { return ''; } add_filter('the_generator', 'wordpress_version_remove'); |
Note: If your child theme is empty, place the code in between <?php and ?>. i.e
<?php function wordpress_version_remove() { return ''; } add_filter('the_generator', 'wordpress_version_remove'); ?> |
Follow these topics WordPress
Short Link:
Loading tweets...
11 comments
Skip to comment form ↓
PKP
February 16, 2012 at 9:52 pm (UTC 5.5) Link to this comment
Hi Prasanna,
Very useful information here. Thanks.
A question …
Where exactly we should put the following lines?
function wordpress_version_remove() {return '';
}
add_filter('the_generator', 'wordpress_version_remove');
Thanks
PKP
Prasanna SP
February 17, 2012 at 9:38 am (UTC 5.5) Link to this comment
Hi PKP, you can add this function in any of your active plugin or in your theme’s functions.php file. But, best move is to add this in your child theme’s functions.php file.
PKP
February 17, 2012 at 11:11 am (UTC 5.5) Link to this comment
Thanks Prsanna.
Will go through your post about child theme and then make changes.
PKP
Ken
June 5, 2012 at 4:30 am (UTC 5.5) Link to this comment
Just out of curiosity, what are those security reasons?
Prasanna SP
June 11, 2012 at 9:33 am (UTC 5.5) Link to this comment
Hi Ken, the reason to remove WordPress version is that, there are some security vulnerabilities in the previous versions of WP. As you know, not everybody updates their wordpress as a new version comes out. So, if somebody is using an older version and a cracker gets to know the version, it becomes easy for him to compromise the site. So, it is recommended to remove the version details of wordpress and plugins from the page source.
Solution Epilation
June 10, 2012 at 4:12 pm (UTC 5.5) Link to this comment
Hello Parsanna,
Thanks for this tip. My boss also wants me to remove the “Powered by WP and the Graphene theme” in the footer : I don’t want to just hide it with CSS, I want to remove the html. Is that possible with a likewise custom function ?
@Ken : the security issue is that if a security fail is discovered for a particular version of WP, robots can crawl the web to identify websites using this version, hence allowing them to hack the site.
Ken
June 11, 2012 at 5:35 am (UTC 5.5) Link to this comment
That makes sense. Thanks! I’ll be making this change soon.
Prasanna SP
June 11, 2012 at 10:19 am (UTC 5.5) Link to this comment
Yes, you can remove
graphene_developeraction using a child theme. See this page for more information on removing actions – http://codex.wordpress.org/Function_Reference/remove_actionSolution Epilation
June 11, 2012 at 11:25 am (UTC 5.5) Link to this comment
Thanks Prasanna for the answer. However I’m not very knowledgeable on code and don’t know what’s an action hook. Tried looking it up but cannot find a clear answer. Could you please tell me what they are ?
Could you also please give me the code in the case of the credits ? This would be very helpful and will serve as an example, as I also want to remove the img in the header in a similar fashion.
Thanks !
Ron
September 4, 2012 at 1:56 pm (UTC 5.5) Link to this comment
Found this one-line code on digwp. Thought I’d share it here
remove_action('wp_head', 'wp_generator');Prasanna SP
November 16, 2012 at 9:25 am (UTC 5.5) Link to this comment
Hi Ron! The above one line code removes WordPress version from website head only. But my code removes it from RSS feed as well.