How To Hide WordPress Meta Generator Version Info

NOTE / WARNING: This is not a true “security” measure and “protection” in any way, that you should rely upon! Security through obscurity is just hiding problems under the carpet, not solving them. It may buy you some time until you perform a full upgrade, but you should definitely not avoid regular security updates at any cost.

PART 1: REMOVE WORDPRESS META GENERATOR

WordPress Meta Generator

Here is a simple way how to hide WordPress info field meta name=”generator” content=”WordPress 4from the page’s HTML source code. Place the below hooks & filter functions inside your theme’s functions.php file and upload it back to server via FTP or SFTP:

How to hide WordPress Meta Generator version number

No plugin required! Afterwards, when you open your blog’s page source code view meta name=”generator”line will be gone. If you use a caching plugin for WordPress, you must clear all cache for changes to take effect.

PART 2: REMOVE WORDPRESS VERSION INFO FROM SCRIPTS

Wait! Not so Fast! Even if we remove WordPress declaration & version info from the meta tags section, we can still extract the actual number from different places. Take another look into the source code and look specifically for CSS and JS script files:

<link rel=’stylesheet’ id=’dashicons-css’ href=’http://mywebsite . com/wp-includes/css/dashicons.min.css?ver=4.5.3‘ type=’text/css’ media=’all’ />
<link rel=’stylesheet’ id=’admin-bar-css’ href=’http://mywebsite . com/wp-includes/css/admin-bar.min.css?ver=4.5.3‘ type=’text/css’ media=’all’ />

As we can see above, only jQuery plugins pass their own version number info in the URL as parameter, while all other CSS styles and JS scripts pass default value of WordPress core itself!

This behavior is documented in wp_enqueue_style() and wp_enqueue_script() functions @ WordPress Codex. Take a look at the param structure of both functions:

wp_enqueue_script(
    string $handle,
    string $src = false,
    array $deps = array(),
    string|bool|null $ver = false,
    bool $in_footer = false
)

wp_enqueue_style(
    string $handle,
    string $src = false,
    array $deps = array(),
    string|bool|null $ver = false,
    string $media = 'all'
)

And, particularly, the version parameter:

$ver

(string|bool|null) (Optional)

String specifying stylesheet version number, if it has one, which is added to the URL as a query string for cache busting purposes. If version is set to false, a version number is automatically added equal to current installed WordPress version. If set to null, no version is added.

Default value: false

The default value is set to false; which means if the plugin, theme or any other code resource that calls/uses wp_enqueue_() functions does not specifically set or supply version parameter, WP core will add one by itself, equal to the current version of WordPress!

We need to add another 2 filters, one for CSS and one for JS files, to remove WordPress version number from the URL params:

How to hide WordPress Version Number From JS-CSS Scripts

No plugin required! Afterwards, when you open your blog’s page source code view, all ?ver=x.x.x numbers will be gone from both CSS and JS files, respectively. If you use a caching plugin for WordPress, you must clear all cache for changes to take effect.

COMPLETE CODE

<?php
// Remove WordPress Meta Generator
remove_action('wp_head', 'wp_generator');

// Hide WordPress Version Info
function hide_wordpress_version() {
	return '';
}
add_filter('the_generator', 'hide_wordpress_version');

// Remove WordPress Version Number In URL Parameters From JS/CSS
function hide_wordpress_version_in_script($src, $handle) {
    $src = remove_query_arg('ver', $src);
	return $src;
}
add_filter( 'style_loader_src', 'hide_wordpress_version_in_script', 10, 2 );
add_filter( 'script_loader_src', 'hide_wordpress_version_in_script', 10, 2 );
?>

FINAL NOTES

If your theme’s function.php file already has an opening <?php and closing ?> PHP tags, you do not need first and last line from above code. However, you have to carefully place this code after all previously existing theme’s code and before the final closing ?> tag. Remember, if you use a 3rd party theme from other authors, you will lose all changes after theme update procedure, so you’ll have to repeat / re-insert above code after each upgrade.

Advertisements

Trả lời

Mời bạn điền thông tin vào ô dưới đây hoặc kích vào một biểu tượng để đăng nhập:

WordPress.com Logo

Bạn đang bình luận bằng tài khoản WordPress.com Đăng xuất /  Thay đổi )

Google photo

Bạn đang bình luận bằng tài khoản Google Đăng xuất /  Thay đổi )

Twitter picture

Bạn đang bình luận bằng tài khoản Twitter Đăng xuất /  Thay đổi )

Facebook photo

Bạn đang bình luận bằng tài khoản Facebook Đăng xuất /  Thay đổi )

Connecting to %s