WordPress Security: Remove Version Number from RSS & Page Source


There’s….. a…… BOT….. COMING… FOR… YOUR… SITE!!!!!!!!! And maybe it wants to peep your meta tags or RSS feed to see what version of WordPress you’re using and see if it can exploit that. But you say, “NOPE!” Because you’re using this script, which will remove your version number from the HTML source and RSS feed. BAM! (Note: yea… it’s not foolproof, because your version number is still sometimes exposed in script and style URLs in your HTML source – but we’re not tackling those now.)

What it does…

The code is a PHP class for WordPress that removes the version number from the generator tag in the HTML output and the RSS feed’s header, which can help improve security by hiding information about the WordPress version being used. It does this by removing the wp_generator action from the wp_head hook and adding a filter to the the_generator hook to remove the version number. It also removes the version number from the RSS feed generator tag by removing the the_generator action from the rss2_head hook.

Why it does it…

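Removing the version number from the generator tag in the HTML output and the RSS feed’s header can help improve security by hiding information about the WordPress version being used. This makes it harder for potential attackers and automated scanners to pick out sites running older versions of WordPress with known vulnerabilities. It hides the version; it does not fix those vulnerabilities, so keeping WordPress up to date still matters.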

How it does it…

The code instantiates a PHP class called WordPress_Security_RemoveVersion, which has a constructor that adds actions to the after_setup_theme and rss2_head hooks. The remove_version_numbers method removes the wp_generator action from the wp_head hook and adds a filter to the the_generator hook to remove the version number. The remove_version_number method simply returns an empty string to remove the version number from the generator tag. The remove_rss_version_number method removes the wp_generator and the_generator actions from the rss2_head hook. Finally, the class is instantiated to apply the actions to the appropriate hooks.

Use the JSON file for easily importing into your CodeSnippetsPro plugin. Use the PHP file or just copy/paste the code sample into your functions.php if you’re not using CodeSnippetsPro.
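To check that the snippet took effect, and to see what it leaves behind in script and style URLs, you can audit your rendered HTML and RSS output. The following is an added example, not part of the original snippet; the function names audit_html and audit_rss are hypothetical, and the sample markup (including version 6.4.2) is constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample output (not from a real site); 6.4.2 is an arbitrary version.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 6.4.2" />
<link rel="stylesheet" href="/wp-includes/css/dist/block-library/style.min.css?ver=6.4.2" />
<script src="/wp-includes/js/jquery/jquery.min.js?ver=3.7.1"></script>
</head><body></body></html>"""
SAMPLE_RSS = """<rss version="2.0"><channel><title>Example</title>
<generator>https://wordpress.org/?v=6.4.2</generator>
</channel></rss>"""

VERSION = r"\d+(?:\.\d+)+"  # dotted version such as 6.4 or 6.4.2

class _HeadScan(HTMLParser):
    """Collects generator meta tags and ?ver= query strings on script/link URLs."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            m = re.search(r"WordPress\s+(" + VERSION + ")", a.get("content", ""))
            if m:
                self.findings.append(("meta-generator", m.group(1)))
        url = a.get("src") if tag == "script" else a.get("href") if tag == "link" else None
        if url:
            m = re.search(r"[?&]ver=(" + VERSION + ")", url)
            if m:  # may be the core version or a bundled library's own version
                self.findings.append(("asset-ver", m.group(1)))

def audit_html(html):
    """Return (kind, version) findings for a rendered page, in document order."""
    scan = _HeadScan()
    scan.feed(html)
    return scan.findings

def audit_rss(xml):
    """Return the version exposed by an RSS <generator> element, if any."""
    m = re.search(r"<generator>[^<]*wordpress\.org/\?v=(" + VERSION + ")", xml, re.I)
    return [("rss-generator", m.group(1))] if m else []

if __name__ == "__main__":
    print(audit_html(SAMPLE_HTML))
    print(audit_rss(SAMPLE_RSS))
```

With the snippet active, the meta-generator and rss-generator findings should disappear, while asset-ver findings remain until the script and style URLs are handled separately.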
