English

Nederlands

English

Nederlands

Obfuscate WordPress Files & Version

WordPress exposes its version number in several places — the site header, RSS feeds, and asset URLs. Attackers use this information to target known vulnerabilities. The snippets below hide that information without affecting functionality.

Add the snippets below to your active theme's functions.php file, directly under the opening <?php tag.

Remove version from header & RSS feeds

By default, WordPress adds its version number to the site header and RSS feeds. Removing it makes it harder for attackers to identify your WordPress version.

php
// Remove WordPress version from header
remove_action('wp_head', 'wp_generator');

// Remove version from RSS feeds
function remove_wp_version_rss() {
    return '';
}
add_filter('the_generator', 'remove_wp_version_rss');

Remove version from styles & scripts

WordPress appends its version number to CSS and JavaScript files as a query string (e.g. style.css?ver=6.5). While this helps with caching, it also exposes your version to potential attackers.

The snippet below removes version strings from all enqueued CSS and JS files:

php
// Remove version query strings from static files
function remove_cssjs_ver($src) {
    if (strpos($src, 'ver=') !== false) {
        $src = remove_query_arg('ver', $src);
    }
    return $src;
}
add_filter('style_loader_src', 'remove_cssjs_ver', 10, 2);
add_filter('script_loader_src', 'remove_cssjs_ver', 10, 2);