As experienced WordPress developers at WPBeginner, we've helped thousands of sites harden their security. By default, WordPress includes its version number in your site's header and RSS feeds for tracking purposes—which is great for knowing it's the world's top blogging platform. However, exposing your version publicly can be a vulnerability if you're not on the latest release, as it hands hackers key intel.
If you're always running the newest WordPress version—as we strongly recommend—this guide isn't for you. But if you need to obscure it temporarily, read on for the proper method.
There are several ways to hide the version number, but only one fully protects your site by removing it everywhere.
Some tutorials suggest editing your theme's header.php to delete the wp_generator meta tag.
Others recommend adding this to your theme's functions.php:
remove_action('wp_head', 'wp_generator');These remove it from the HTML head, so casual source-code viewers won't see it. But savvy attackers check your RSS feeds, where the version still lurks untouched.
To eliminate it from both your site and feeds, add this code to your active theme's functions.php file:
function wpbeginner_remove_version() {
return '';
}
add_filter('the_generator', 'wpbeginner_remove_version');This comprehensive approach ensures no traces remain. It's the gold standard we've used on countless production sites.
Important: Updating to the latest WordPress remains the best defense—no code tweak beats patched security.