Blogging   Security  

Security Update: Hide Your WordPress Version!

There is an urgent need to hide WordPress versions on your blog for better security of your site. I was in a recent discussion with several WordPress bloggers, who were waiting in the sidelines to upgrade their WordPress versions to the latest recommended security WordPress upgrade which fixes several PHP bugs and feed issues. Their laziness or fear to upgrade was based on the pretext that who knows their WordPress blog version anyway – I told them everyone knows your WordPress version!

If you look at the source code of any WordPress blog (easily possible in any web browser by going to View > Page Source), you will see

This is autogenerated by a php code in your header.php

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>
<!-- leave this for stats -->

So unless the WordPress blogger has removed the code purposely (reluctant by the comment that you should leave it for stats), anyone can easily find your wordpress version and hack into your WordPress bugs. So the excuse that nobody knows your version and hackers would not waste time targeting your blog is no good… Remove that code in the header.php file of your WordPress theme right now.

Upgrade regularly to the latest WordPress version which will give you new features and bug fixes. WordPress 2.1 is released and if you are waiting for your wordpress plugins to update, have no fear and upgrade with confidence.


  1. Enblogopedia says:

    I see that you didn’t upgrade to 2.1 yourself :)
    when you gonna upgrade?

  2. QuickOnlineTips says:

    WP 2.0.7 is the essential security upgrade for everyone. WordPress 2.1 is the new version which I will get once the bugs are gone in and my plugins become compatible. Should happen in the next few days…

  3. Hendry Lee says:

    Recent version of WP will include the metadata line even if you remove it from your theme header.php. You may edit the code, or disable that action in your function.php file in the theme directory.

    remove_action(‘wp_head’, ‘wp_generator’);

    should work.

  4. Tom McCarrick says:

    Is there a file within WordPress that contains the WP version, which WordPress reads each time you log in to the backoffice of your blog?


  5. abo prämie says:

    Thanks for the tip. I deleted my wordpress version tag.

  6. Carla says:

    I don’t see my version of WordPress in my source code. I searched for “”generator” content=”WordPress” and only found it without the version. Where do you find the version?

    Thanks so much!

Leave a Reply

Your email address will not be published. Required fields are marked *