Blog

Tech Tip: Hide your WordPress version to up your security

  |   General   |   No comment

When we need to quickly build an simple content managed site we usually turn to WordPress. It’s easy to see why 18% of the web is built using WordPress with it’s user friendly CMS and extensive collection of community plugins makes it a breeze to use and develop with.

 

But WordPress’ success brings its own problems, running 18% of the web makes it a ripe target for attack. Whilst the best remedy is to always keep your WordPress, theme and plugins up to date, this won’t protect you against a quick spreading security bug.

 

It’s common for attackers to scan thousands of website to try and detect what software they are running, and what version they are using. With this in mind, making that task harder for would-be attackers is the simplest form of defence.

 

By default WordPress will place a Meta tag in its header announcing to the world what version number you are running (it will also put this “announcement” in other places, like RSS feeds), removing this is very simple, just a few lines in the functions.php:

 

// Remove WordPress Version from Header and Feeds
function our_version_removal() {
return '';
}
add_filter('the_generator', 'our_version_removal');

 

There are a few tutorials around which will recommend either removing code from the header.php or using remove_action, but overriding the output of the_generator filter is the best way as this will cover both the meta tags and RSS Feeds, which the other solutions don’t do.

 

Of course, this is and doing this one minor change will not stop you getting attacked if your 4 versions out of date! But it does help you not to be low hanging fruit!

No Comments

Sorry, the comment form is closed at this time.