By default, WordPress broadcasts its version number in several locations. This information helps attackers identify sites running vulnerable versions. Hiding it is a simple, high-value security hardening step.

Where WordPress exposes its version

WPStats detects version exposure from script URLs and the meta generator tag, flagging it as a security issue.

Method 1: functions.php (recommended)

Add this code to your theme's functions.php or a custom plugin:

// Remove version from head
remove_action('wp_head', 'wp_generator');

// Remove version from RSS feeds  
add_filter('the_generator', '__return_empty_string');

// Remove version from scripts and styles
function remove_wp_version_strings($src) {
    global $wp_version;
    parse_str(parse_url($src, PHP_URL_QUERY), $query);
    if (!empty($query['ver']) && $query['ver'] === $wp_version) {
        $src = remove_query_arg('ver', $src);
    }
    return $src;
}
add_filter('script_loader_src', 'remove_wp_version_strings');
add_filter('style_loader_src', 'remove_wp_version_strings');

Method 2: Use a security plugin

All major security plugins (Wordfence, iThemes Security, Sucuri) include version hiding. Enable it in their settings panel — usually called "WordPress Tweaks" or "Security Hardening."

Method 3: Delete readme.html

The readme.html file in your WordPress root contains version information and has no functional purpose on a live site. Delete it via FTP or File Manager in cPanel. Note: it gets recreated on WordPress updates, so you'll need to re-delete it or automate the deletion with a plugin or cron job.

Verify the changes

After making changes:

  1. View your page source (Ctrl+U) and search for your WP version number — it should not appear
  2. Visit /wp-json/ and check if the version is in the response
  3. Run WPStats on your site — the "Version hidden" check should now show green

Important: Hiding your version number is a security-through-obscurity measure — it's not a substitute for keeping WordPress updated. Always run the latest version.

Check if your WordPress version is exposed

WPStats checks version exposure and 10+ other security indicators.

Scan your site now