WordPress adds a generator tag at various locations. Basically that’s a good idea because it provides a means to check out the different versions of WordPress that are actively being used in the blogosphere.
I’ve found the generator meta tag in my fresh installation of WordPress 2.7 here, there and everywhere:
    /* In the HTML header */
    <meta name="generator" content="WordPress 2.7" />

    /* In the RSS feed */
    <generator>http://wordpress.org/?v=2.7</generator>

    /* In the Atom feed */
    <generator uri="http://wordpress.org/" version="2.7">WordPress</generator>

And the code suggests that there are even more places where this tag might show up.
How to remove it completely
If you’re practicing security through obscurity, you might have googled a bit and found the solutions that use the following piece of PHP code unsatisfactory, because it only removes the tag from the HTML header:
remove_action('wp_head', 'wp_generator');
So let’s remove it completely like so:
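    // Return an empty string in place of the generator tag.
    function rm_generator_filter() {
        return '';
    }
    // 'the_generator' is applied to every generator type.
    add_filter('the_generator', 'rm_generator_filter');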
This will remove the tag everywhere: from the HTML, the RSS and the Atom feed, et cetera.
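A way to check the difference between the two approaches above, as an added example that is not part of the original post: it scans response bodies for the three generator forms listed earlier and reports any that still expose the version. The sample bodies and their path labels are constructed for illustration.

```python
import re

# Patterns for the three generator forms this page lists (HTML head, RSS, Atom).
GENERATOR_PATTERNS = {
    "html": re.compile(
        r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s*([\d.]*)["\']', re.I),
    "rss": re.compile(
        r'<generator>\s*https?://wordpress\.org/\?v=([\d.]+)\s*</generator>', re.I),
    "atom": re.compile(
        r'<generator\b[^>]*\bversion=["\']([\d.]+)["\'][^>]*>\s*WordPress\s*</generator>', re.I),
}

def find_generator_leaks(documents):
    """Return (source, form, version) for every generator tag still present.

    `documents` maps a label (for example a URL fetched from your own site)
    to the response body as text.
    """
    leaks = []
    for source, body in documents.items():
        for form, pattern in GENERATOR_PATTERNS.items():
            for match in pattern.finditer(body):
                leaks.append((source, form, match.group(1) or "unknown"))
    return leaks

# Constructed sample responses: the situation after only the wp_head action
# was removed. The HTML page is clean, both feeds still carry the tag.
SAMPLE = {
    "/": "<html><head><title>Blog</title></head><body></body></html>",
    "/feed/": "<rss><channel><generator>http://wordpress.org/?v=2.7</generator></channel></rss>",
    "/feed/atom/": '<feed><generator uri="http://wordpress.org/" version="2.7">WordPress</generator></feed>',
}

if __name__ == "__main__":
    for source, form, version in find_generator_leaks(SAMPLE):
        print(f"{source}: {form} generator tag still exposes WordPress {version}")
```

An empty result for the HTML page together with both feeds means the `the_generator` filter is active; hits on the feeds alone point to the `remove_action` approach.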
WordPress’ world of possibilities…
Now I’d like to present another solution that might make sense: what about removing the generator tag almost everywhere, but not in RDF content? Since RDF is widely used as a format for data mining applications, why not show the information to these web robots? You could do this like so:
    // Return an empty string in place of the generator tag.
    function rm_generator_filter() { return ''; }

    if (function_exists('add_filter')) {
        // Every generator type except RDF, which is left commented out.
        $types = array('html', 'xhtml', 'atom', 'rss2', /*'rdf',*/ 'comment', 'export');
        foreach ($types as $type)
            add_filter('get_the_generator_'.$type, 'rm_generator_filter');
    }
This adds a filter for every type except RDF; each filter returns just an empty string for the generator meta tag.
Although this doesn’t make much sense from the standpoint of security through obscurity because making the information available in just one place would compromise your security anyway, I just wanted to show that WordPress is flexible enough to do something like this.
Download
You can download the above code packaged in a plugin here. Have a look at the code and check out the define in line 30: set it to true or false depending on whether you’d like to remove the tag completely or not; the default is to remove it everywhere.
11 comments ↓
I’d like to add that when you use an XML sitemap plugin such as Google Sitemap Generator, which depends on that meta tag, the first code will make it break (the sitemap, not the site itself). So better always use your 2nd bit of code and NOT add xml as a file type to that array – like you did. Then it will work just fine.
Thanks a lot for this hint!
What happen?
I haven’t found the reason for this; it seems to happen on some themes only.
Sorry, but I haven’t got a solution for this at the moment.
Just to double check: if I’m using
does it mean that I don’t have to have
Thanks.
That’s correct, you just need one of the two, where the code you put first is a bit better because it removes the generator information not just from the HTML header of a certain page but from everywhere it might show up, e.g. in an RSS feed.
Updating to the most recent version of WordPress as soon as it is announced stable is the best thing you can do to prevent your blog from being hacked. Obfuscating the version you’re using might help prevent script kiddies from checking out your site but won’t scare away serious crackers. I still recommend simply hiding the generator, if possible.