I talked a couple of weeks ago about the importance of always upgrading your WordPress install, as old WordPress installations are often vulnerable. One thing I don’t think people realize is that a hacker can easily find vulnerable WordPress blogs because most standard WordPress themes will actually tell them what version you are using.
If you open up the header.php file of your theme, you should notice some code that looks something like this:
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /><!-- leave this for stats -->
In order to protect your WordPress installation, I recommend people completely remove this code from their header.php file for all of their WordPress blogs.
Now, this obviously isn’t going to make your WordPress blog hack proof, but what it will do is make it so hackers can’t easily locate your blog if it is using a vulnerable WordPress installation.
Update: Thanks to a tip from Leland, it looks like WordPress 2.5+ now generates the meta tag anyway via the wp_head hook, so it can't be removed just by editing header.php. With that said, if you care about your security, you can still remove the meta generator. It looks like Ian of ThemeShaper has provided a couple of methods, including a WordPress plugin, to remove the meta generator information from your WordPress blog.
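One way to drop the generator output that wp_head adds, written as a small plugin file. This is an added example, not the ThemeShaper plugin or code from this post; the plugin name and the example_ function names are hypothetical. It also blanks the generator element that feeds print, which editing header.php never touched.

```php
<?php
/*
Plugin Name: Hide Generator (added example)
Description: Stops WordPress from printing its version in generator tags.
*/

// WordPress hooks wp_generator() onto wp_head at the default priority.
// That hook is what prints <meta name="generator" ...> even after the
// line has been deleted from the theme's header.php, so unhook it.
function example_unhook_generator() {
    remove_action( 'wp_head', 'wp_generator' );
}
add_action( 'init', 'example_unhook_generator' );

// Feeds (RSS2, Atom, RDF) print their own generator element through
// the_generator(). Returning an empty string from the 'the_generator'
// filter removes the version from those outputs as well.
function example_blank_generator( $generator ) {
    return '';
}
add_filter( 'the_generator', 'example_blank_generator' );
```

After activating it, view the page source and the feed and confirm that no generator line with a version number remains.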













