WordPress Security: Remove Version Number from RSS & Page Source


There’s….. a…… BOT….. COMING… FOR… YOUR… SITE!!!!!!!!! And maybe it wants to peep your meta tags or RSS feed to see what version of WordPress you’re using and see if it can exploit that. But you say, “NOPE!” Because you’re using this script which will remove your version number from the HTML source and RSS feed. BAM! (Note: yea… it’s not foolproof, because your version number is still sometimes exposed in the `?ver=` query string of script and style URLs in your HTML source – but we’re not tackling those now.)

What it does…

The code is a PHP class for WordPress that removes the version number from the generator tag in the HTML output and the RSS feed’s header, which can help improve security by hiding information about the WordPress version being used. It does this by removing the wp_generator action from the wp_head hook and adding a filter to the the_generator hook to remove the version number. It also removes the version number from the RSS feed generator tag by removing the the_generator action from the rss2_head hook.

Why it does it…

Removing the version number from the generator tag in the HTML output and the RSS feed’s header can help improve security by hiding information about the WordPress version being used. This can prevent potential attackers from exploiting known vulnerabilities in older versions of WordPress.

How it does it…

The code instantiates a PHP class called WordPress_Security_RemoveVersion, whose constructor adds actions to the after_setup_theme and rss2_head hooks. The remove_version_numbers method removes the wp_generator action from the wp_head hook and adds a filter to the the_generator hook to remove the version number. The remove_version_number method simply returns an empty string, so the generator tag is dropped entirely. The remove_rss_version_number method removes the wp_generator action from the wp_head hook and the the_generator action from the rss2_head hook. Finally, the class is instantiated to apply the actions to the appropriate hooks.

See the code…

<?php

if ( ! class_exists( 'WordPress_Security_RemoveVersion', false ) ) {
    class WordPress_Security_RemoveVersion {
        const VERSION = '1.2';

        public function __construct() {
            add_action( 'after_setup_theme', array( $this, 'remove_version_numbers' ), 999 );
            add_action( 'rss2_head', array( $this, 'remove_rss_version_number' ) );
        }

        /**
         * Remove the version numbers from the generator tags.
         */
        public function remove_version_numbers() {
            // Remove the wp_generator action from the wp_head hook.
            remove_action( 'wp_head', 'wp_generator' );

            // Add a filter to the the_generator hook to remove the version number.
            add_filter( 'the_generator', array( $this, 'remove_version_number' ) );
        }

        /**
         * Remove the version number from the generator tag.
         *
         * @param string $html The original HTML string.
         * @return string The modified HTML string with the version number removed.
         */
        public function remove_version_number( $html ) {
            // For this we just return empty string to remove the HTML entirely.
            return '';
        }

        /**
         * Remove the version number from the RSS feed generator tag.
         */
        public function remove_rss_version_number() {
            // Belt and braces: the the_generator filter added above already blanks the
            // generator tag for every output type (HTML and all feed formats), so these
            // removals only matter if that filter is bypassed.
            remove_action( 'wp_head', 'wp_generator' );
            remove_action( 'rss2_head', 'the_generator' );
        }
    }

    // Instantiate the class.
    new WordPress_Security_RemoveVersion();
}
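A quick way to check that the snippet did its job (and to see the caveat from the intro, that `?ver=` asset URLs still leak a version) is to scan the page source and feed for the three places WordPress prints a version. This is an added audit script, not part of the snippet or of WordPress; the sample HTML and RSS below are constructed, and the version strings in them are made up.

```python
import re

# Constructed sample: what a stock WordPress front page emits before the snippet runs.
HTML_BEFORE = """<html><head>
<meta name="generator" content="WordPress 6.4.2" />
<link rel="stylesheet" href="https://example.test/wp-includes/css/dist/block-library/style.min.css?ver=6.4.2" />
<script src="https://example.test/wp-includes/js/jquery/jquery.min.js?ver=3.7.1"></script>
</head><body></body></html>"""

# Constructed sample: the same page after the snippet removed the generator meta tag.
# The ?ver= query strings are untouched, exactly as the intro warns.
HTML_AFTER = "\n".join(l for l in HTML_BEFORE.splitlines() if 'name="generator"' not in l)

# Constructed sample RSS 2.0 header carrying the generator element WordPress adds.
RSS_BEFORE = """<rss version="2.0"><channel>
<generator>https://wordpress.org/?v=6.4.2</generator>
</channel></rss>"""

GENERATOR_META = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s+([\d.]+)["\']', re.I)
RSS_GENERATOR = re.compile(
    r'<generator>\s*https?://wordpress\.org/\?v=([\d.]+)\s*</generator>', re.I)
ASSET_VER = re.compile(
    r'<(?:link|script)\b[^>]*?(?:href|src)=["\']([^"\']*?\?ver=([^"\'&]+))["\']', re.I)


def find_version_leaks(source: str) -> list:
    """Return every place the source discloses a version, in document order per kind."""
    leaks = []
    for m in GENERATOR_META.finditer(source):
        leaks.append({"where": "meta generator", "version": m.group(1)})
    for m in RSS_GENERATOR.finditer(source):
        leaks.append({"where": "rss generator", "version": m.group(1)})
    for m in ASSET_VER.finditer(source):
        # wp-includes assets usually carry the core version; bundled libraries
        # (jQuery here) carry their own, so report the URL alongside the value.
        leaks.append({"where": "asset url", "version": m.group(2), "url": m.group(1)})
    return leaks


def core_version_exposed(source: str) -> bool:
    """True if the WordPress core version is printed via a generator tag."""
    return any(l["where"] in ("meta generator", "rss generator")
               for l in find_version_leaks(source))
```

Run it against a saved copy of your front page and `/feed/` rather than the constructed samples to audit a live site.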
