Security – Locking Down Your Site

This entry is part 3 of 4 in the series WordPress Security

Hide WordPress Version in the Header Tag

Although you have deleted the WordPress version meta data from your theme, you may still get WordPress version line in the page returned by the blog software. The culprit is, since version 2.5 WordPress has added the feature to generate this code.

Add the following line to the functions.php file in your theme directory: (Create a blank PHP file with this name if your theme doesn’t already have one)

<?php remove_action('wp_head', 'wp_generator'); ?>
It is important to note that even with all of those above implemented, there is no guarantee that your blog will be safe. Just that you decrease the chance tremendously and discourage those crackers from targeting your blog.

New exploits are discovered every so often and when a fix has not been made available yet, everyone is at risk. However, by implementing all or some of the tips above, at the very least it should give you peace of mind that you are not leaving your house unlocked.

I recommend the plugin Better WP Security which is easy to use and configure, and does many of the security functions for you.

Series Navigation<< Security – Proper WordPress InstallationSecurity – Backing-Up Your Site >>


  1. Mark Kelnar says:

    What about removing the readme.html file from your WordPress install directory? Like . It’s got the version number in there too.

%d bloggers like this: