Become Wordpress Professional - Your Ultimate Wordpress Guide

Tuesday, 19 March 2013

Improving Security by Removing Wordpress Version

Disable version number of WordPress
A big part of good security is keeping sensitive information away from bad guys. WordPress has one particular weakness in this department because it displays its version number in the source code of web pages and feeds. In the source code of your web pages the version number looks like this:

<meta name="generator" content="WordPress 3.1" /> 

The version number is also displayed in RSS feeds, where it looks like this:

<generator>http://wordpress.org/?v=3.1</generator>

Where WordPress displays version number 

The WordPress version number is also displayed in other sources and other feeds. This information seems harmless, but it enables an attacker to target security holes in specific versions of WordPress. In this tutorial you will learn how to better protect your site by editing or removing the WordPress version from your site so that bad guys will never detect your actual version.

Let's look behind the scenes at the HTML markup for the home page of your WordPress demo site. In the head section of the page source you will notice that WordPress provides the version number of its installation.



This highlighted information is used by hackers to develop automated scripts that attack a specific version of the software. You can also see it in the source code of the various feeds that WordPress generates.

How to Remove WordPress version of your Site

To remove it, log in to your web host's cPanel account, open the WordPress site directory, navigate to the currently installed theme's folder, and open the functions.php file. Add the following lines of code to the bottom of this file:

// remove version number from head & feeds
function disable_version() { return ''; }
add_filter('the_generator','disable_version');
remove_action('wp_head', 'wp_generator');

Copy the above code and paste it into the theme's functions.php after all other code, then save the file. Check the source code again and you will notice that the version number is no longer displayed, and that is a good thing. Also check the RSS feeds: the code we put in the theme's functions.php file prevents your current WordPress version from being displayed there as well.

In fact, with the code in place, WordPress will not display the version number where it is easily accessible to hackers and people who want to ruin your site. This simple code snippet in your functions.php file stops WordPress from displaying sensitive information in feeds, posts, pages and everywhere else. By simply disabling the version generator you add another layer of security to your WordPress-powered site.
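To confirm the change took effect, the check below (an added example, not code from the original post) scans saved page or feed source for the two generator tags shown above. It goes one step further than the post and also flags stylesheet or script URLs whose ver= argument equals your installed version, which the functions.php snippet does not change. The function name, sample markup and example.com URLs are constructed for illustration.

```python
import re

# Generator tag in the page <head>, as shown in this post (attribute order may vary).
META_RE = re.compile(r'<meta\b[^>]*\bname=["\']generator["\'][^>]*>', re.I)
# Generator element in RSS feeds, as shown in this post.
FEED_RE = re.compile(r'<generator>\s*([^<]*wordpress\.org[^<]*)</generator>', re.I)
# Stylesheet/script URLs that carry a ver= query argument (?ver=, &ver=, &#038;ver=).
ASSET_RE = re.compile(r'(?:href|src)=["\']([^"\']+?[?&;]ver=([\w.\-]+))["\']', re.I)
VERSION_RE = re.compile(r'\d+(?:\.\d+)+')


def find_version_leaks(markup, installed_version):
    """Return sorted (location, version) pairs disclosed in page or feed source."""
    leaks = set()
    for tag in META_RE.findall(markup):
        if "wordpress" in tag.lower():
            m = VERSION_RE.search(tag)
            leaks.add(("meta generator", m.group(0) if m else "unknown"))
    for value in FEED_RE.findall(markup):
        m = VERSION_RE.search(value)
        leaks.add(("feed generator", m.group(0) if m else "unknown"))
    for _url, ver in ASSET_RE.findall(markup):
        # Bundled libraries carry their own ver=, so flag only an exact match
        # with the version the site owner knows is installed.
        if ver == installed_version:
            leaks.add(("asset ver=", ver))
    return sorted(leaks)


# Constructed sample markup: before and after adding the functions.php snippet.
BEFORE = '''<head>
<meta name="generator" content="WordPress 3.1" />
<link rel="stylesheet" href="http://example.com/wp-includes/css/admin-bar.css?ver=3.1" />
<script src="http://example.com/wp-includes/js/jquery/jquery.js?ver=1.4.4"></script>
</head>'''
FEED_BEFORE = '<channel><generator>http://wordpress.org/?v=3.1</generator></channel>'
AFTER = BEFORE.replace('<meta name="generator" content="WordPress 3.1" />\n', '')
FEED_AFTER = '<channel></channel>'

if __name__ == "__main__":
    for name, text in [("page before", BEFORE), ("feed before", FEED_BEFORE),
                       ("page after", AFTER), ("feed after", FEED_AFTER)]:
        print(name, find_version_leaks(text, "3.1"))
```

Save your own page source and feed to files, pass their contents with your installed version, and treat any remaining entry as a place that still needs attention.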
