How to make WordPress more secure – part 2

WordPress is a fantastic blogging platform to use for your blog, but did you know that WordPress is actually telling spammers what version of WordPress you use? The version number may not seem like such a big thing, but it is, because spammers and hackers then know how to best attack your blog!

Since WordPress tells everyone the version number you use, spammers and anyone else interested will know what vulnerabilities existed in that version, and this information will help anyone who may want to attack your blog.

To find the version number of your blog (without logging in to the dashboard), you just view the source code of your blog and locate this HTML tag somewhere in the header:

<meta name="generator" content="WordPress 2.9.2" />

This information doesn’t only help spammers and hackers to attack your blog, it also helps them to locate your WordPress blog. By searching for this information in web pages, spammers can easily identify your blog as a WordPress blog and start spamming you with comment spam.

Now you know why it’s important to hide this information, so how do you hide the version number?

If you look in the folder where your theme is located (wp-content/themes/the name of your theme/) you should find a file called functions.php. Open this file in a text editor (like WordPad or nano, for example) and add the following code a few lines after the first line:

function xmcom_remove_version() {
         // Return an empty string so WordPress prints no generator tag
         return '';
}
add_filter('the_generator', 'xmcom_remove_version');

This will remove the version number from both your HTML source code and your feed.

I noticed, however, that some themes have another piece of code leaking your version number even if you add the code above in functions.php, so for some themes you will have to look in header.php too. The code you should remove looks something like this:

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />

If you had this code in your header.php and removed it, you shouldn’t be giving away your version number to anyone anymore 🙂.
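To confirm that both changes took effect, you can save the source of a page and of your feed and check them for any remaining generator string. The script below is an added example, not code from the original post: the sample page and feed strings are constructed, and the feed form of the tag (a <generator> element carrying the version in a URL) is an assumption about how your feed looks.

```python
import re
from html.parser import HTMLParser

class _GeneratorFinder(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("name", "").lower() == "generator":
            self.found.append(a.get("content", ""))

# Feed form of the same leak (assumed format): <generator>...?v=2.9.2</generator>
_FEED_GENERATOR = re.compile(r"<generator[^>]*>(.*?)</generator>", re.I | re.S)
_VERSION = re.compile(r"\d+(?:\.\d+)+")

def find_generator_leaks(document):
    """Return (where, value, version) for each generator string in the text.

    version is None when the tag names the software but carries no number,
    which still identifies the blog as WordPress.
    """
    finder = _GeneratorFinder()
    finder.feed(document)
    values = [("html meta", v) for v in finder.found]
    values += [("feed element", v.strip()) for v in _FEED_GENERATOR.findall(document)]
    leaks = []
    for where, value in values:
        m = _VERSION.search(value)
        leaks.append((where, value, m.group(0) if m else None))
    return leaks

# Constructed samples: a page before and after the fix, a page with a
# hard-coded tag without a number, and a feed that still leaks.
BEFORE_HTML = ('<html><head><title>My blog</title>\n'
               '<meta name="generator" content="WordPress 2.9.2" />\n'
               '</head><body></body></html>')
AFTER_HTML = '<html><head><title>My blog</title>\n</head><body></body></html>'
NAME_ONLY_HTML = '<html><head><meta name="generator" content="WordPress" /></head></html>'
FEED = ('<rss version="2.0"><channel><title>My blog</title>'
        '<generator>http://wordpress.org/?v=2.9.2</generator></channel></rss>')

if __name__ == "__main__":
    for label, doc in [("before", BEFORE_HTML), ("after", AFTER_HTML),
                       ("name only", NAME_ONLY_HTML), ("feed", FEED)]:
        print(label, find_generator_leaks(doc) or "no generator tag found")
```

An empty result for both the page and the feed means neither functions.php nor header.php is printing the tag any longer.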

