low risk

How to Hide the WordPress Version Number

WordPress exposes its version in a meta tag, RSS feeds, and /readme.html. Attackers use it to match your site against known exploits for that exact version. Hiding it is defense-in-depth — the real fix is staying updated.

  1. 1

    Remove the generator tag

    Strip the version from the page head and feeds in functions.php:

    remove_action( 'wp_head', 'wp_generator' );
    add_filter( 'the_generator', '__return_empty_string' );
  2. 2

    Block readme.html

    readme.html shows the exact version. Deny it in .htaccess:

    <Files readme.html>
      Require all denied
    </Files>
  3. 3

    Keep WordPress updated (the real fix)

    Hiding the version slows automated scanners but won't stop a determined attacker. Enable automatic updates for minor releases and update core promptly.

Is your site affected?

Run a free external scan — 36 checks, no login or plugin required.

Scan your site free

More fix guides