When it comes to protecting your WordPress site, every small tweak matters, and one of the easiest yet most overlooked security measures is hiding the WordPress version number. This simple step can help protect your site from automated bots and attackers looking to exploit known vulnerabilities in specific WordPress versions.
In this article, we’ll walk you through why this matters, how to do it effectively, and what to avoid, all from a client’s perspective, with no complex jargon.
Why Hide the WordPress Version Number?
WordPress, like any software, occasionally has security flaws. The WordPress development team is quick to patch these vulnerabilities in updates, but if you’re running an outdated version and that version number is visible in your site’s source code, attackers can target you directly.
For example, a hacker scanning sites might look for WordPress version 5.8.2 (which had some known issues) and launch automated attacks specifically designed for that version. If your version number is visible, you’ve made the job easier for them.
Key Reasons:
- Avoid targeted attacks on known vulnerabilities.
- Reduce visibility to bots that scan for specific WordPress versions.
- Make your website appear more secure and maintained.
Where Is the WordPress Version Displayed?
By default, WordPress includes the version number in the following locations:
- The HTML meta tag in your site’s <head> section.
- In the readme.html file in the root directory.
- Sometimes in the RSS feed.
Let’s go through how to cleanly hide or remove all of these.
How to Hide WordPress Version Number Step by Step
Here are simple methods that you or your developer can implement without needing to install any plugin.
1. Remove Version Meta Tag from Head
By default, WordPress injects this in your header:
To remove this, add the following code to your theme’s functions.php file:
This removes the generator meta tag, which hides the version number from the HTML source code.
2. Hide Version from RSS Feeds
Add the lines below to your functions.php:
// Return an empty string so WordPress prints no generator tag.
function remove_wp_version_rss() {
    return '';
}
add_filter('the_generator', 'remove_wp_version_rss');
This ensures your RSS feed does not leak the WordPress version either.
3. Delete or Block Access to readme.html
The readme.html file is generated by default during installation and contains the WordPress version. It’s publicly accessible unless removed or blocked.
Option A: Delete the File
- Use FTP or File Manager to go to your WordPress root directory.
- Locate and delete readme.html.
Option B: Block via .htaccess
If you’re using Apache, add this to your .htaccess:
Either method will stop anyone from accessing the version details via the file.
4. Use a Security Plugin (Optional)
If you prefer not to edit files, some security plugins like iThemes Security or WP Hardening offer a one-click option to hide the version number.
However, if you’re already optimizing performance and want fewer plugins, the manual method is better for long-term stability.
What Not to Do
- Don’t just update the version number manually in the code; it’s easily detectable.
- Don’t assume hiding the version means you can skip updates. Hiding the version is not a substitute for keeping WordPress up to date.
- Don’t rely solely on one security method. This is just one piece of a complete security strategy.
Extra Tip: Keep Your Site Updated
Even if the version number is hidden, running an outdated version of WordPress can still make your site vulnerable. Always:
- Keep your WordPress version, themes, and plugins updated.
- Back up your site regularly.
- Use strong usernames and passwords.
Hiding your version number is not foolproof, but it’s a smart move to reduce your exposure to random attacks.
Conclusion
For clients who want to ensure their websites remain secure, hiding the WordPress version number is a quick, effective, and low-risk step. It doesn’t replace more comprehensive security practices, but it certainly makes your site a less attractive target for hackers.
Whether you manage your website yourself or have a developer or hosting provider helping you, ask to implement this change as part of your routine hardening checklist. It takes less than 10 minutes and adds one more lock to your website’s front door.
FAQs – WordPress Version Number and Security
Q1: Is hiding the WordPress version necessary if my site is up to date?
A: While being up to date is your first defense, hiding the version number gives you added protection against bots and opportunistic attacks.
Q2: Can I hide the version number without editing code?
A: Yes, some security plugins offer this as a feature. However, editing functions.php is cleaner and uses fewer resources.
Q3: Will hiding the version number break my site?
A: No. It’s a safe operation that doesn’t affect core functionality.
Q4: Should I delete the readme.html file?
A: Yes, especially if you’re not using it. It provides no benefit and only exposes version details.
Q5: Do caching plugins re-expose the version?
A: Usually not, but always clear your cache after making changes.
Q6: Will this affect SEO?
A: No. Search engines do not use the generator meta tag for rankings.
Q7: Is it enough to hide only the meta tag?
A: For better protection, also hide the version in RSS feeds and remove the readme.html.
Q8: Can a hacker still find out my version?
A: Skilled attackers might, but hiding it will block most automated tools and bots.
Q9: Should I do this on staging sites too?
A: Yes, especially if the staging site is publicly accessible.
Q10: How do I check if my version is still visible?
A: View your website’s source code (Ctrl+U) and look for <meta name="generator"…. If it’s gone, you’re good.
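A scripted version of this check, covering all three locations listed earlier (head meta tag, feed, readme.html) for auditing your own site. This is an added example, not code from the original article; the function name audit, the sample markup and the version 6.4.2 in it are constructed for illustration.

```python
import re

# Constructed samples (not taken from a real site): default WordPress output
# versus the same pages after the steps in this article. 6.4.2 is arbitrary.
HEAD_DEFAULT = '<head><meta name="generator" content="WordPress 6.4.2" /></head>'
HEAD_HARDENED = '<head><meta name="viewport" content="width=device-width" /></head>'
RSS_DEFAULT = ('<rss><channel><generator>https://wordpress.org/?v=6.4.2'
               '</generator></channel></rss>')
ATOM_DEFAULT = ('<feed><generator uri="https://wordpress.org/" version="6.4.2">'
                'WordPress</generator></feed>')
FEED_HARDENED = '<rss><channel><title>Example</title></channel></rss>'

META_RE = re.compile(r'<meta\b[^>]*\bname=["\']generator["\'][^>]*>', re.I)
FEED_RE = re.compile(r'<generator\b[^>]*>.*?</generator>', re.I | re.S)
VERSION_RE = re.compile(r'\d+\.\d+(?:\.\d+)?')


def _wordpress_generators(pattern, text):
    """Yield the version (or 'present') for each WordPress generator element."""
    for element in pattern.findall(text):
        if 'wordpress' in element.lower():
            match = VERSION_RE.search(element)
            yield match.group(0) if match else 'present'


def audit(head_html, feed_xml, readme_status):
    """Return (location, detail) findings; an empty list means nothing leaks.

    readme_status is the HTTP status your server returns for /readme.html.
    """
    findings = [('head meta generator', v)
                for v in _wordpress_generators(META_RE, head_html)]
    findings += [('feed generator', v)
                 for v in _wordpress_generators(FEED_RE, feed_xml)]
    if readme_status == 200:
        findings.append(('readme.html', 'publicly accessible'))
    return findings


if __name__ == '__main__':
    for row in audit(HEAD_DEFAULT, RSS_DEFAULT, 200):
        print(row)
```

Run it against the saved page source and feed XML of your site after clearing any cache, so the result reflects what visitors actually receive.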