How to hide your WordPress version from prying eyes
April 18, 2011 in Tips & Tricks, WordPress
Source:
Excerpts:
[...] Unfortunately, most of these articles failed to go beyond hiding the version number in the public HTML. For instance, it is fairly easy to find the version number of a WordPress install by viewing the source of an RSS feed. While many developers claim that “security through obscurity” is not a great idea, you should at least obscure the information correctly if you decide to use this method.
The first line below stops WordPress from automatically adding a generator meta tag to the <head> of each page. The foreach loop removes the version number from each feed WordPress creates. Simply add the following code to your theme’s functions.php:
```php
// Stop WordPress from printing the generator meta tag in <head>.
remove_action('wp_head', 'wp_generator');

// Remove the generator (version) element from every feed type.
foreach (array('rss2_head', 'commentsrss2_head', 'rss_head', 'rdf_header',
    'atom_head', 'comments_atom_head', 'opml_head', 'app_head') as $action)
{
    remove_action($action, 'the_generator');
}
```
That’s not all: there is actually one more thing that most WordPress users often forget to delete: readme.html. It may seem harmless, but it contains the version number in fairly large text at the top. It is easy to remove, but the file comes back after each automatic upgrade. The best way to prevent others from viewing this file is to add the following code to your .htaccess file.
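```apache
# Deny all requests for readme.html, which shows the WordPress version.
# Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied".
<Files readme.html>
    Order allow,deny
    Deny from all
</Files>
```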
[...]
Read the rest of the article on the “source” link above…
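One way to confirm the changes above took effect, as an added example (not code from the source article or from this blog): it scans saved copies of your own pages, feeds and readme.html for the generator markup WordPress emits. The sample documents and the version 3.1.1 in them are constructed, and the readme pattern is a heuristic.

```python
import re

VER = r'(\d+(?:\.\d+)+)'  # e.g. 3.1 or 3.1.1
# Generator markup WordPress emits; each pattern captures the version number.
PATTERNS = {
    "meta generator": re.compile(
        r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s+' + VER, re.I),
    "rss/rdf generator": re.compile(r'wordpress\.org/\?v=' + VER, re.I),
    "atom generator": re.compile(
        r'<generator[^>]*\bversion=["\']' + VER + r'["\'][^>]*>\s*WordPress', re.I),
    "generator comment": re.compile(r'generator=["\']WordPress/' + VER, re.I),
    # Heuristic for readme.html: "Version x.y" inside the top <h1>.
    "readme heading": re.compile(
        r'<h1[^>]*>(?:(?!</h1>).)*?Version\s+' + VER, re.I | re.S),
}

def find_version_leaks(name, body):
    """Return sorted (document, pattern label, version) tuples found in body."""
    return sorted({(name, label, m.group(1))
                   for label, rx in PATTERNS.items()
                   for m in rx.finditer(body)})

def audit(documents):
    """documents maps a name to saved response text; returns every leak found."""
    return [hit for name, body in documents.items()
            for hit in find_version_leaks(name, body)]

# Constructed sample responses (not captured from a real site).
BEFORE = {
    "index.html": '<head><meta name="generator" content="WordPress 3.1.1" /></head>',
    "feed": '<channel><generator>http://wordpress.org/?v=3.1.1</generator></channel>',
    "feed/atom": '<feed><generator uri="http://wordpress.org/" version="3.1.1">'
                 'WordPress</generator></feed>',
    "readme.html": '<h1 id="logo">\n<br /> Version 3.1.1\n</h1>',
}
AFTER = {  # generator actions removed, readme.html answered with 403
    "index.html": '<head><title>Blog</title></head>',
    "feed": '<channel><title>Blog</title></channel>',
    "feed/atom": '<feed><title>Blog</title></feed>',
    "readme.html": '<h1>Forbidden</h1><p>You don\'t have permission to access this file.</p>',
}

if __name__ == "__main__":
    for label, docs in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(docs) or "no version strings found")
```
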
Here’s a tip from us:
Make sure you keep your version up-to-date
By doing so, you are always protected from the security holes in previous versions that have been fixed in the latest version. So be sure to upgrade whenever a security release is provided (read about it on the blog or in the changelog).
[UPDATE]
For those of you who don’t want to change anything and want a simpler solution, give this WordPress plugin a try.