Remove version leaks from HTML, RSS, and scripts to reduce automated attacks — with clean, tested code.
By default, WordPress exposes its version number in:
<meta name="generator"> tag?ver=6.7)This allows automated bots to identify your site as a target for known exploits in that version. Hiding it forces attackers to guess — and most give up.
Add this to your child theme’s functions.php or use the “Code Snippets” plugin:
// Remove version from HTML head
remove_action('wp_head', 'wp_generator');
// Remove version from RSS feeds
add_filter('the_generator', '__return_empty_string');
// Remove version from scripts and styles
function remove_version_from_assets($src) {
if (strpos($src, 'ver=')) {
$src = remove_query_arg('ver', $src);
}
return $src;
}
add_filter('script_loader_src', 'remove_version_from_assets', 15, 1);
add_filter('style_loader_src', 'remove_version_from_assets', 15, 1);| Location | Example | Fix Applied |
|---|---|---|
| HTML Head | <meta name="generator" content="WordPress 6.7"> |
✅ Removed via remove_action |
| RSS Feed | <generator>https://wordpress.org/?v=6.7</generator> |
✅ Hidden via filter |
| CSS/JS URLs | /style.css?ver=6.7 |
✅ Stripped via remove_query_arg |
If you’d rather have an expert implement this securely, our vetted Fiverr specialists can:
Yes — it reduces your attack surface. Automated bots scan for known vulnerabilities in specific versions. Hiding the version forces attackers to guess, slowing them down significantly.
No. The version parameter is only used for cache-busting. Removing it doesn’t affect functionality, though you may need to clear CDN caches after updates.
Yes — but not recommended. Plugins like 'WP Hide' work, but they add overhead. The code method is faster, cleaner, and more reliable.
No — it’s one layer. Combine it with login hardening, file editing disable, and wp-config.php protection for real defense.