Remove the WordPress Version Number with One Simple Code Snippet!

By default, WordPress shares the exact version number in your site’s source code. If you are on a version known to have a vulnerability, attackers can exploit it to compromise your site.

In this article, I’ll share with you how to remove the WordPress version number from all visible locations.

Why You Should Remove the WordPress Version Number

Your WordPress version number publicly reveals which release your site runs. For example, when security researchers disclose an exploit for a specific version of WordPress, automated tools immediately search for sites running that exact version. The visible WordPress version tag on your website acts as a beacon, telling attackers your site is potentially vulnerable.

This creates a dangerous window of exposure between patch release and your update. Even a day of delay gives scanners time to find and compromise your installation.

Where Does WordPress Expose Your Version?

Your WordPress version appears in three primary locations across your site.

The HTML head section displays a generator meta tag. WordPress automatically outputs <meta name=”generator” content=”WordPress X.X.X” /> in your source code. Most automated scanners check this first.

RSS feeds include the version number in their metadata. The same generator tag that appears in your header also outputs in feeds, creating another exposure point.

CSS and JavaScript files reveal the version through query strings. Your source code shows files like style.css?ver=X.X.X. Attackers inspect these parameters to fingerprint your exact WordPress release.

Each location gives attackers a way to identify your installation and carry out attacks.

How to Remove WordPress Version Number

Basic solutions only remove the header generator tag. This leaves your version exposed in RSS feeds and asset URLs. You need a comprehensive approach that addresses all three locations simultaneously.

This code snippet removes the WordPress version from all public locations. It hides the generator tag in headers and RSS feeds. It also strips version numbers from CSS and JavaScript file queries.

<?php

add_filter('the_generator','__return_empty_string');

function remove_version_from_assets($src) {
    $wp_version = get_bloginfo('version');

    if(strpos($src,'ver='.$wp_version) !== false) {
        $src = remove_query_arg('ver',$src);
    }

    return $src;
}
add_filter('style_loader_src','remove_version_from_assets',9999); 
add_filter('script_loader_src','remove_version_from_assets',9999);

The first line uses a WordPress helper function to return an empty string for all generator tags. The second function specifically targets version parameters matching your current WordPress release. It leaves other query strings intact to avoid breaking cache-busting strategies for custom themes and plugins. The 9999 priority ensures this filter runs after most other processes, catching all cases.

Both filters work together to provide complete coverage. When automated scanners look for generator tags, they’ll find nothing. Tools inspecting your asset URLs will see query strings without version data.

Step-by-Step: Add This Code Snippet to Your WordPress Website

Editing theme files directly creates long-term problems. Theme updates can overwrite your custom code and force you to reapply changes. A syntax error can lock you out of your admin area completely. A better solution is to use a code snippet plugin.

WPCodeBox eliminates these risks by running your code snippets independently of your theme. The plugin isolates custom code in a protected environment with built-in error handling that prevents most mistakes from breaking your site. Your modifications stay active across theme changes and updates without manual intervention.

The plugin also provides a library of verified snippets you can add with one click, plus cloud sync to reuse your solutions across all your WordPress sites. You manage all PHP, CSS, and JavaScript snippets from an organized dashboard that keeps your code portable and maintenance-free.

Let’s now look at how to use it to hide the WordPress version:

1. Start by purchasing and installing WPCodeBox on your site. Once activated, navigate to WPCodeBox from your admin menu.
2. This automatically opens a new snippet creation window. Name your snippet “Remove WordPress Version Number” for easy reference. You can also add a brief description if you want.
3. Paste the complete PHP code from the previous section into the code editor.
4. Configure these settings in the snippet panel:
   • Type: PHP Snippet
   • How to run the snippet: Always (On Page Load)
   • Where to insert the snippet: Plugins Loaded (Default)
5. Click the Save button above the editor. WPCodeBox saves your snippet in a disabled state to protect your site.
6. Review your code to ensure no characters were lost during copying.
7. Toggle the snippet to Enabled status to activate version removal across your site.
8. Clear your site cache if you use a caching plugin to see immediate results.

Your version number removal is now active across your entire site. WPCodeBox protects this code from theme updates and makes future modifications effortless. The changes apply immediately without touching a single theme file.

Verify the WordPress Version Number is Gone

In order to verify the changes, you should first check your source code. Open any page on your site and press Ctrl+U (or Cmd+Option+U on Mac). Search for “generator” in the code. The WordPress version meta tag should be completely absent.

You can also inspect your CSS and JavaScript files next. View the source and locate any stylesheet or script URLs. They should no longer include ver=X.X.X query strings with your WordPress version.

To test your RSS feed, you can visit /feed/ on your site and view the page source to confirm the generator tag is missing from the feed metadata.

More on Removing WordPress Version Number

1. Should I hide my WordPress version?

Hiding your WordPress version is a recommended security precaution. While it does not fix existing vulnerabilities, it acts as a layer of hiding visible details. This prevents automated bots and attackers from easily identifying your specific version and targeting your site with exploits known to affect that release.

2. How do I disable revisions in WordPress?

You can disable post revisions by adding a simple code snippet to your site’s wp-config.php file. Open the file and add the line define( 'WP_POST_REVISIONS', false ); just above the line that says “That’s all, stop editing.” This will stop WordPress from saving multiple copies of your posts and help keep your database clean. You can also use a code snippet plugin like WPCodeBox to add the code.

3. Why is it a good security practice to hide the WordPress version number?

Hiding the version number complicates things when hackers look for targets. Hackers frequently run automated scripts to scan the internet for websites running outdated versions of WordPress with known security holes. If your version number is not visible, these scripts are less likely to flag your website as a vulnerable target.

4. What is the best plugin to hide WordPress?

While other plugins like WP Hide & Security Enhancer offer many features, they can be overkill if you just want to hide the WordPress version number from your site’s code. For a lean and efficient solution, WPCodeBox is the best plugin. It allows you to easily add and manage the specific code snippets needed to hide your WordPress version without adding the bloat or complexity of a heavy security plugin.

More Snippets to Customize Your WordPress Site

• Disable XML-RPC WordPress
• Disable WordPress REST API
• How to Disable Theme and Plugin Editors in WordPress
• How to Remove DNS Prefetch from WordPress Head to Improve Performance
• How to Disable WordPress Embeds Using PHP Code
• Remove WordPress Admin Bar