Removing the WordPress Generator meta tag completely

WordPress adds a generator tag at various locations. Basically that’s a good idea because it provides a means to check out the different versions of WordPress that are actively being used in the blogosphere.

I’ve found the generator meta tag in my fresh installation of WordPress 2.7 here, there and everywhere:

/* In the HTML header */
<meta name="generator" content="WordPress 2.7" />
 
/* In the RSS feed */
<generator>http://wordpress.org/?v=2.7</generator>
 
/* In the Atom feed */
<generator uri="http://wordpress.org/"
 version="2.7">WordPress</generator>

And the code suggests that there’re even more places where this tag might show up.

How to remove it completely

If you’re doing some security through obscurity you might have googled a little bit and found the solutions that use the following piece of PHP code just unsatisfactory:

remove_action('wp_head', 'wp_generator');

So let’s remove it completely like so:

function rm_generator_filter() { return ''; }
add_filter('the_generator', 'rm_generator_filter');

This will remove the tag everywhere: from the HTML, the RSS and the Atom feed, et cetera.

WordPress’ world of possibilities…

Now I’d like to present another solution that might make sense: What about removing the generator tag almost everywhere but not in case of RDF content? Since RDF is widely used as a format for data mining applications why not show the information to these web robots? You could do this like so:

function rm_generator_filter() { return ''; }
 
if (function_exists('add_filter')) {
  $types = array('html', 'xhtml', 'atom', 'rss2',
                 /*'rdf',*/ 'comment', 'export');
  foreach ($types as $type)
    add_filter('get_the_generator_'.$type, 'rm_generator_filter');
}

What it does is adding a filter for every type but RDF returning just and empty string for the generator meta tag.

Although this doesn’t make much sense from the standpoint of security through obscurity because making the information available in just one place would compromise your security anyway, I just wanted to show that WordPress is flexible enough to do something like this.

Download

You can download the above code packaged in a plugin here. Have a look at the code and checkout the define in line 30: set it to true or false whether you’d like to remove the tag completely or not; the default is to remove it just everywhere.

17 comments ↓

  • John Kirkham says:
    Thanks! Exactly what I was looking for. :)
  • Anthony says:
    Hey, thanks man. Yours is better.
  • Bob Soap says:
    This is great, thanks!

    I’d like to add that when you use an XML sitemap plugin such as Google Sitemap Generator, which depends on that meta tag, the first code will make it break (the sitemap, not the site itself). So better always use your 2nd bit of code and NOT add xml as a file type to that array – like you did. Then it will work just fine.

  • Hi Bob,
    thanks a lot for this hint!
  • V.C says:
    When I paste your code into my function.php, others are disapeared and my theme doesn’t work.
    What happen?
  • Hi V.C.,
    I haven’t found the reason for this; it seems to happen on some themes only.
    Sorry, but I haven’t got a solution for this at the moment.
  • [...] Removing the WordPress Generator meta tag completely [...]
  • Dasha says:
    Hello, this is very helpful – thanks!

    Just to double check: if I’m using

    function rm_generator_filter() { return ''; }
    add_filter('the_generator', 'rm_generator_filter');

    does it mean that I don’t have to have

    remove_action('wp_head', 'wp_generator');

    Thanks.

  • Hi Dasha,
    that’s correct, you just need one of the two where the code you put first is a bit better because it removes the generator information not just from the HTML header of a certain page but from everywhere it might show up, e.g. like in a RSS feed.
  • mkvmovies says:
    Works fine for me , but will showing a different generator more safe ? As one of my blogs had been hacked recently =( , I am doing everything to prevent my any other blog from being hacked.
  • Hi mkvmovies,
    updating to the most recent version of WordPress as soon as it is announced stable is the best thing you can do to prevent your blog from being hacked. Obfuscating the version you’re using might help preventing script kiddies from checking out your site but won’t shy away serious crackers. I still recommend to simply hide the generator, if possible.
  • javier says:
    I like modifying the core files to make wordpress my own so I went directly here.
    wp-includes/general-template.php

    the function where the generator is located at is :
    function get_the_generator( $type = ” )
    at least it is for version 3.3.1

    Like I said, i like making it my own, so I decided to modify the core files. I have also modified the wordpress admin pages to suit my needs.

    However, if you like to update your wordpress to the current version , i recommend that you do not modify the core files

  • Dear Javier,
    your last sentence is the most important one: since everybody should be upgrading WordPress to the most recent version as soon as it is released nobody should make any changes to the core files. In fact, this isn’t even necessary because WordPress provides a filter API that allows you to change a lot of things. And if you really found something that you can’t change, submitting a patch to the core would be the way to go.
  • Yogendra says:
    Really, great solution ever i found on the internet to remove wp generator. Thanks a lot buddy !!
  • [...] Removing the WordPress Generator meta tag completely | Christian Schenk Tweet !function(d,s,id){var [...]
  • Pustakawan says:
    Thanks for the code. I feel much safer now. I really appreciate for what you’ve done.
  • sabalera says:
    Editing general-template.php works fine for me. Thanks for the input.