Tutorials

How to Hide WordPress Version: Complete Security Guide

Learn why and how to hide your WordPress version number. Remove version information from HTML, feeds, and scripts to prevent targeted attacks.

E
Emily Rodriguez
5 min read
1,276 views
Hiding WordPress version number

Your WordPress version number is displayed in multiple places by default. Attackers use this information to target version-specific vulnerabilities. Hiding it is a simple but effective security measure.

Where WordPress Version is Exposed

HTML Meta Tag

<meta name="generator" content="WordPress 6.4.2" />

RSS Feeds

Feeds contain generator tag with version.

Script/Style URLs

style.css?ver=6.4.2

Readme Files

readme.html in WordPress root contains version.

Why Hide the Version?

Targeted Attacks

When attackers know your exact version:

  • They can check for known vulnerabilities
  • They can use version-specific exploits
  • They prioritize sites with vulnerable versions

Automated Scanning

Bots scan for version numbers to find vulnerable targets:

  • Mass vulnerability scanning
  • Building lists of exploitable sites
  • Zero-day attack preparation

How to Hide WordPress Version

Method 1: WP Folder Shield (Recommended)

  1. Navigate to WP Folder Shield > Settings
  2. Enable "Hide WordPress Version"
  3. Save changes

Removes version from all locations automatically.

Method 2: Manual Code

Remove from HTML head:

remove_action('wp_head', 'wp_generator');

Remove from RSS:

add_filter('the_generator', '__return_empty_string');

Remove from scripts/styles:

function remove_version_strings($src) {
    if (strpos($src, 'ver=')) {
        $src = remove_query_arg('ver', $src);
    }
    return $src;
}
add_filter('script_loader_src', 'remove_version_strings');
add_filter('style_loader_src', 'remove_version_strings');

Method 3: Delete readme.html

Remove readme.html from WordPress root (it's recreated on updates).

What WP Folder Shield Removes

  • Generator meta tag
  • RSS/Atom feed generator
  • Version strings from scripts
  • Version strings from stylesheets
  • readme.html access blocked
  • license.txt access blocked

Limitations to Understand

Not Complete Obscurity

Determined attackers can still identify WordPress through:

  • Directory structure
  • Cookie names
  • Default behavior patterns

Part of Defense in Depth

Version hiding is one layer—combine with:

  • Keeping WordPress updated
  • Using security plugins
  • Proper configuration

Get WP Folder Shield to hide WordPress version and implement comprehensive security hardening.

Share:
E
Written by Emily Rodriguez

WP Folder Shield Team

Related Articles

The Ultimate Guide to WordPress Security in 2026
The Ultimate Guide to WordPress Security in 2026

Learn how to protect your WordPress website from hackers, malware, and security threats with this...

January 15, 2026
How to Scan Your WordPress Site for SEO Spam and Hidden Malicious Content
How to Scan Your WordPress Site for SEO Spam and Hidden Malicious Content

Learn effective methods to scan your WordPress site for hidden SEO spam, malicious links, and...

January 13, 2026
How to Protect Your WordPress Uploads Folder from Malware
How to Protect Your WordPress Uploads Folder from Malware

The wp-content/uploads folder is one of the most vulnerable directories in WordPress. Learn how to...

January 13, 2026

Ready to Secure Your WordPress Site?

Get complete protection with WP Folder Shield.

Get Started