WordPress.org

Ideas

Remove WordPress Version from wp_head()

  1. Daniel Craig Jallits
    Member

    I propose removing the default call in wp_head(); to display the WordPress version. Users shouldn't have to add lines to their functions.php file or download a plug-in to take this step in protecting their site.

    Posted: 8 years ago #
  2. Jeff Chandler
    Member

    Protecting their site from what exactly? Do you think you are being sneaky by removing the version number in the source code?

    Posted: 8 years ago #
  3. Justin Tadlock
    WordPress God

    This would do nothing to protect your site.

    Posted: 8 years ago #
  4. Daniel Craig Jallits
    Member

    Malicious users can and have developed bots that scour the Internet, parsing page source, looking for the following snippet...

    <meta name="generator" content="WordPress X.X.X" />

    When found, these results are reported back to the malicious user (most likely a script kiddie) so that they can use known exploits against older versions of WP.

    Posted: 8 years ago #
  5. Justin Tadlock
    WordPress God

    And, if for some reason one thinks this will magically protect a site, it takes minimal code to remove this via your functions.php file.

    Posted: 8 years ago #
  6. shawnparker
    Inactive

    Just delete the action... one line fix.

    remove_action('wp_head', 'wp_generator');

    Posted: 8 years ago #
  7. signpostmarv
    Member

    This would be rather irrelevant if you keep your blog up-to-date...

    Posted: 8 years ago #

  8. Inactive

    Guys, your criticisms of the suggestion all presuppose that every user is working in ideal conditions.

    There are many people running professional sites with WP who don't know how to upgrade - one of the reasons people choose WP is that it's so easy to work with, there are many very non-technical people out there using WP.

    There are also people using WP on shitty hosts like Yahoo, or small private hosting companies whose servers have odd settings, and for those people the automatic upgrade feature doesn't work.

    And to expect the average user to even know that it would be a good idea to hide the version code is crazy, let alone to expect them to know how.

    I think this is an excellent suggestion, I would love to see the version hidden by default. There's no need for anyone but the site admin to know the version, or even that the site is built with WP.

    Posted: 8 years ago #
  9. This has been talked about in WP Trac but as Justin Tadlock and shawnparker pointed out above, you can easily remove it! - If you'd rather use a plugin, that's possible too, people! ;)

    Posted: 8 years ago #
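
The functions.php approach mentioned in replies 5 and 6, as an added example that is not code from any poster or from WordPress itself. It goes beyond the one-line fix by also covering the feed generator element and the `?ver=` argument on enqueued assets; the function name `example_strip_core_version` is hypothetical, and the hooks and helper functions are WordPress core ones.

```php
<?php
// Added example for a theme's functions.php or a small plugin.
// Omit the opening tag above when pasting into an existing PHP file.

// 1. The one-liner from the thread: stop wp_head() printing the generator tag.
remove_action( 'wp_head', 'wp_generator' );

// 2. Feeds print their own generator element through the_generator(), so
//    blank its output for every generator type (xhtml, rss2, atom, ...).
add_filter( 'the_generator', '__return_empty_string' );

// 3. Scripts and styles enqueued without a version of their own get
//    "?ver=<WordPress version>" appended. Drop the argument only when it
//    equals the core version, so plugin and theme cache-busting still works.
function example_strip_core_version( $src ) {
    if ( ! is_string( $src ) || '' === $src ) {
        return $src; // Nothing to inspect.
    }
    $query = wp_parse_url( $src, PHP_URL_QUERY );
    if ( ! $query ) {
        return $src; // No query string, so no version argument.
    }
    parse_str( $query, $args );
    if ( isset( $args['ver'] ) && get_bloginfo( 'version' ) === $args['ver'] ) {
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
add_filter( 'style_loader_src', 'example_strip_core_version', 9999 );
add_filter( 'script_loader_src', 'example_strip_core_version', 9999 );
```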

Topic Closed

This topic has been closed to new replies.

  • Rating

    5 Votes
  • Status

    Sorry, not right now