Why Hide the WordPress Version?
Hiding the WordPress version is crucial in securing your website against hackers and theme detectors.
By default, WordPress adds metadata and version numbers to scripts, styles, and images, revealing the CMS version you are using. Attackers can use this information to target vulnerabilities specific to that version.
How Version Appears in the Source Code
WordPress typically reveals version details in the following ways:
- Meta Generator Tag: Located in the
<head>section, this tag explicitly shows the WordPress version. - Version Parameters: CSS, JavaScript, and image URLs include version parameters (e.g.,
style.css?ver=6.7.1), exposing plugin, theme, and core versions.
It’s important to note that not only WordPress but also plugins and themes add version details to the source code. These versions can be exposed in:
- CSS and JavaScript Files: Plugins and themes append their versions to asset URLs.
Hiding plugin and theme versions is equally important, especially if a specific version has known security vulnerabilities. Attackers often target outdated plugins and themes, making this step critical for comprehensive security.
Activate the Version Hiding Feature in WP Ghost
Hide Version from Images, CSS, and JS
Once activated, WP Ghost will automatically strip version numbers from your source code, securing your site from theme detectors and bots.
- Go to WP Ghost > Tweaks > Hide Options.
- Switch on the Hide Version from Images, CSS, and JS in WordPress option to hide all versions from the frontend’s CSS, JS, and Images.
Random Static Number
Removing version parameters can lead to caching issues. Browsers might continue to load old cached versions of CSS and JavaScript files instead of updated ones.
To avoid caching problems, WP Ghost includes a Random Static Number feature, also known as a cache-busting mechanism. This feature appends a unique identifier to the static files, ensuring the browser always fetches the latest version (e.g. style.css?rnd=37342).
- Go to WP Ghost > Tweaks > Hide Options.
- Switch on the Random Static Number option to add a random number for static files while users are logged in.
This method preserves the ability to force browsers to load updated files while keeping version details hidden.
Conclusion
Hiding your WordPress version is a simple yet effective way to protect your site from common vulnerabilities and automated scanning tools.
WP Ghost streamlines this process and provides built-in solutions to address caching issues, ensuring your site remains secure and up-to-date without breaking functionality.