Hackers plan their attacks based on the information they have. A large portion of attacks target outdated versions of web servers, WordPress, themes, plugins and anything else with vulnerabilities they can exploit in old versions. The WordPress version is visible on every page and post. It is included in the header, and anyone who visits your site/blog can see this information. It is wise to remove this information so hackers can’t find the version and plan their attack based on the vulnerabilities found in that version, especially if you don’t update WordPress because you have made many changes to the code. If you search, you will find many ways to remove the WordPress version, but not all of them remove it successfully.
Most bloggers, after learning about this, run to their editors, remove the line with that information and think that this is it. Well, it is not. The same information is also visible in other places such as feeds. The best way to remove it is to add the following code to the functions.php file of a child theme, but if you don’t want to or don’t know how to do that, add it to your theme’s functions.php file. You can paste it at the end of the file, but before the ?> tag. It replaces the generator information, wherever it is used, with an empty string.
// Return an empty string wherever WordPress would print its generator tag (pages and feeds).
function remove_wp_version() { return ''; }
add_filter('the_generator', 'remove_wp_version');
Even though the above code hides the generator information, you are not safe. If you are the target of a hacker and he can’t find the version from another source, he can try all vulnerabilities of all previous versions. You should (or better, must) always upgrade to the latest version. If you don’t have a child theme, then you should do this again on every update.
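To confirm that the filter removed the generator information from both pages and feeds, you can scan the saved output of your own site for any remaining generator tags. The following Python check is an added example, not code from the original post; the class and function names are hypothetical, and the sample documents are constructed with "X.Y" standing in for a version number.

```python
from html.parser import HTMLParser


class GeneratorFinder(HTMLParser):
    """Collects generator disclosures from an HTML page or an RSS/Atom feed."""

    def __init__(self):
        super().__init__()
        self.leaks = []              # list of (where, value) tuples
        self._in_generator = False   # True while inside <generator>...</generator>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # Page header: <meta name="generator" content="WordPress X.Y" />
        if tag == "meta" and (attrs.get("name") or "").lower() == "generator":
            self.leaks.append(("meta", attrs.get("content") or ""))
        # Feeds: <generator>...</generator>, Atom also carries a version attribute
        elif tag == "generator":
            self._in_generator = True
            if attrs.get("version"):
                self.leaks.append(("feed-attr", attrs["version"]))

    def handle_data(self, data):
        if self._in_generator and data.strip():
            self.leaks.append(("feed", data.strip()))

    def handle_endtag(self, tag):
        if tag == "generator":
            self._in_generator = False


def find_generator_leaks(document):
    """Return every generator disclosure found in the given page or feed text."""
    finder = GeneratorFinder()
    finder.feed(document)
    finder.close()
    return finder.leaks


# Constructed samples: output before and after the the_generator filter is active.
PAGE_BEFORE = '<html><head><meta name="generator" content="WordPress X.Y" /></head></html>'
RSS_BEFORE = ('<?xml version="1.0"?><rss version="2.0"><channel>'
              '<generator>https://wordpress.org/?v=X.Y</generator></channel></rss>')
ATOM_BEFORE = '<feed><generator uri="https://wordpress.org/" version="X.Y">WordPress</generator></feed>'
PAGE_AFTER = '<html><head><title>Blog</title></head><body></body></html>'
RSS_AFTER = '<?xml version="1.0"?><rss version="2.0"><channel><title>Blog</title></channel></rss>'

if __name__ == "__main__":
    for name in ("PAGE_BEFORE", "RSS_BEFORE", "ATOM_BEFORE", "PAGE_AFTER", "RSS_AFTER"):
        print(name, find_generator_leaks(globals()[name]))
```

An empty list for both a saved page and a saved feed means the generator information is gone from those documents.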