Comments on: WordPress Tip: Always Remove the WordPress Version Code

By: Shahab khan

Shahab khan — Thu, 24 Dec 2009 21:53:38 +0000

Though i have been blogging for the past one year. But i’ve just come to know about this.

By: Dick

Dick — Tue, 08 Sep 2009 15:59:41 +0000

Thanks, this woke me up to the whole issue of upgrades. I am still using WP 2.0 and I wanted to add Kontera links to my WP blogs. They gave me a WP plugin I can use to populate their ads throughout all posts but not before I upgrade.

By: Kyle Eslick

Kyle Eslick — Fri, 22 May 2009 15:04:27 +0000

@ Lea – This changed after this post was published with a later release of WordPress. See the above comments for an explanation!

By: Lea

Lea — Fri, 22 May 2009 01:02:54 +0000

Well, I’ve tried all the above methods for removing traces of my WordPress version from public viewing and none have worked.

I used a FireFox plugin for website info which leads to http://www.wmtips.com/tools/info/ and they still have my current WordPress version listed under “generator.”

I removed the generator/generated string from my theme header, removed WordPress from my footer, protected my version.php, tried

adding to functions.php

and

@global string $wp_version
*/
$wp_version = ‘(version removed for security)’;

Yet the above website still displays my current WordPress version.

By: jomammy

jomammy — Sun, 15 Feb 2009 07:25:39 +0000

Do not remove your wp_head action!
Yes the latest versions of wordpress do add the version to the page via the wp_head call in numerous locations but this makes it easy to remove the version. Look in wp-includes/version.php and change the version number there and it will propogate throughout the system because all calls to bloginfo(‘version’) read from this string in this file.

I change mine to:
/**
* The WordPress version string
*
* @global string $wp_version
*/
$wp_version = ‘(version removed for security)’;

By: WordPress Security Keeping your blog Secure | Web Services and Tools

WordPress Security Keeping your blog Secure | Web Services and Tools — Sat, 04 Oct 2008 05:56:42 +0000

[...] Noupe Blog – Security Tips and Tricks Has your Website been Hacked WordPress users – Watch Out! WordPress Tip – Remove the Version code [...]

By: 100+ Killer Wordpress Resources | Steffan Antonas' Blog

100+ Killer Wordpress Resources | Steffan Antonas' Blog — Tue, 16 Sep 2008 16:00:41 +0000

[...] Why It’s Important to Always Remove The Wordpress Version Code [...]

By: links for 2008-07-30 | ????? ?? ??"? ???

links for 2008-07-30 | ????? ?? ??"? ??? — Wed, 30 Jul 2008 08:31:49 +0000

[...] WordPress Tip: Always Remove the WordPress Version Code ??? ????? ???????? ?? ????? ?? ?????. ???? ??? ??????? 2.5 ????? ???????? ?? ??’ ????? ????????. (tags: wordpress security) [...]

By: Lawrence Salberg

Lawrence Salberg — Sun, 27 Jul 2008 21:39:12 +0000

I disagree. The problem with people hacking WP installs isn’t because of an obvious version number (which is more than often replicated in the footer of many free themes as well).

The problem is people never upgrading their WP installation. Quite frankly, this is the kind of useless tip that gives homage to the enemy. If we really want to make the world safe from hackers, we ought to send messages to those running old versions of WordPress harassing them into upgrading. And while that wouldn’t do any less to keep hackers at bay than removing the version meta data as suggested here, we at least would be occasionally accomplishing something, rather than giving people the false confidence that their outdated installation is now “secure” by deleting a line of code in header.php. A few extra minutes should be devoted to upgrading.

Having said that, the real problem is that although cPanel and other self-installing scripts push the latest version of WP pretty quickly, Automattic needs to find a way to cooperate with the major U.S. hosting services to force them to force their customers to upgrade. In other words, cPanel ought to also “lock” (flat-file) a WP-install once Automattic determines it is inherently unsafe to use anymore. Thus, their blog would still be up (as flat HTML files), but the Admin panel would be inaccessible and replaced with an admonition that an upgrade to version X.X is required to use WordPress.

It would be in Hosts best interest to do this. Although people will scream bloody murder (because they are lazy self-absorbed idiots who think the open-source world owes them a living), they will scream a lot louder once they get hacked, particularly if they lose data, and nagging at their host to fix all their problems. Better the first option than the second – plus the first option deters and deflates the egos of script-kiddies, a plus in my book. Also, the whining anti-upgrade crowd won’t be able to blog about it, at least not until they upgrade, so the noise level will be relatively diminished.

By: Remove Wordpress Version? | CMSThemestore.com

Remove Wordpress Version? | CMSThemestore.com — Sun, 27 Jul 2008 14:06:23 +0000

[...] at bay. Now Kyle Eslick over at HackWordpress.com has written a really good article called “Always Remove the WordPress Version Code” where he explains the how and the why of keeping what version of Wordpress you are using under lock [...]