WordPress adds a generator tag at various locations. Basically that’s a good idea because it provides a means to check out the different versions of WordPress that are actively being used in the blogosphere.
I’ve found the generator meta tag in my fresh installation of WordPress 2.7 here, there and everywhere:
/* In the HTML header */ <meta name="generator" content="WordPress 2.7" /> /* In the RSS feed */ <generator>http://wordpress.org/?v=2.7</generator> /* In the Atom feed */ <generator uri="http://wordpress.org/" version="2.7">WordPress</generator> |
And the code suggests that there’re even more places where this tag might show up.
How to remove it completely
If you’re doing some security through obscurity you might have googled a little bit and found the solutions that use the following piece of PHP code just unsatisfactory:
remove_action('wp_head', 'wp_generator'); |
So let’s remove it completely like so:
function rm_generator_filter() { return ''; } add_filter('the_generator', 'rm_generator_filter'); |
This will remove the tag everywhere: from the HTML, the RSS and the Atom feed, et cetera.
WordPress’ world of possibilities…
Now I’d like to present another solution that might make sense: What about removing the generator tag almost everywhere but not in case of RDF content? Since RDF is widely used as a format for data mining applications why not show the information to these web robots? You could do this like so:
function rm_generator_filter() { return ''; } if (function_exists('add_filter')) { $types = array('html', 'xhtml', 'atom', 'rss2', /*'rdf',*/ 'comment', 'export'); foreach ($types as $type) add_filter('get_the_generator_'.$type, 'rm_generator_filter'); } |
What it does is adding a filter for every type but RDF returning just and empty string for the generator meta tag.
Although this doesn’t make much sense from the standpoint of security through obscurity because making the information available in just one place would compromise your security anyway, I just wanted to show that WordPress is flexible enough to do something like this.
Download
You can download the above code packaged in a plugin here. Have a look at the code and checkout the define in line 30: set it to true or false whether you’d like to remove the tag completely or not; the default is to remove it just everywhere.
Thanks! Exactly what I was looking for. 🙂
Hey, thanks man. Yours is better.
This is great, thanks!
I’d like to add that when you use an XML sitemap plugin such as Google Sitemap Generator, which depends on that meta tag, the first code will make it break (the sitemap, not the site itself). So better always use your 2nd bit of code and NOT add xml as a file type to that array – like you did. Then it will work just fine.
Hi Bob,
thanks a lot for this hint!
When I paste your code into my function.php, others are disapeared and my theme doesn’t work.
What happen?
Hi V.C.,
I haven’t found the reason for this; it seems to happen on some themes only.
Sorry, but I haven’t got a solution for this at the moment.
Pingback: Artiklar för Wordpress tema- eller plugin-kodaren | jenst.se
Hello, this is very helpful – thanks!
Just to double check: if I’m using
does it mean that I don’t have to have
Thanks.
Hi Dasha,
that’s correct, you just need one of the two where the code you put first is a bit better because it removes the generator information not just from the HTML header of a certain page but from everywhere it might show up, e.g. like in a RSS feed.
Works fine for me , but will showing a different generator more safe ? As one of my blogs had been hacked recently =( , I am doing everything to prevent my any other blog from being hacked.
Hi mkvmovies,
updating to the most recent version of WordPress as soon as it is announced stable is the best thing you can do to prevent your blog from being hacked. Obfuscating the version you’re using might help preventing script kiddies from checking out your site but won’t shy away serious crackers. I still recommend to simply hide the generator, if possible.
I like modifying the core files to make wordpress my own so I went directly here.
wp-includes/general-template.php
the function where the generator is located at is :
function get_the_generator( $type = ” )
at least it is for version 3.3.1
Like I said, i like making it my own, so I decided to modify the core files. I have also modified the wordpress admin pages to suit my needs.
However, if you like to update your wordpress to the current version , i recommend that you do not modify the core files
Dear Javier,
your last sentence is the most important one: since everybody should be upgrading WordPress to the most recent version as soon as it is released nobody should make any changes to the core files. In fact, this isn’t even necessary because WordPress provides a filter API that allows you to change a lot of things. And if you really found something that you can’t change, submitting a patch to the core would be the way to go.
Really, great solution ever i found on the internet to remove wp generator. Thanks a lot buddy !!
Pingback: Remove meta generator and hide WordPress version - MINIMALITE
Thanks for the code. I feel much safer now. I really appreciate for what you’ve done.
Editing general-template.php works fine for me. Thanks for the input.