This is not mandatory but as a security measure, it’s safe to hide the WordPress version number. Assume, if any vulnerability is found in the WordPress version which you are using, without coming to your knowledge, what if a hacker tries to get benefit from that vulnerability? You will be targeted only when your WordPress version is exposed.
I don’t think it is necessary for you to do this if you are the one who keeps everything in WordPress up to date, which includes its Core, Themes, Plugins, and PHP.
First, know the WordPress version number which is mentioned in the bottom right corner of the WordPress dashboard. Once you know your WP version (ex: 5.8.3), open any page of your website. Go to ‘Page Source‘ by clicking on Ctrl+U.
Once you are in the Page Source window, Press Ctrl+F and search for the version number (ex: 5.8.3).
As mentioned in the screenshot, you will see the number of items found. In this case, it is 4. In your case, it can be different.
Now let’s add the below code to the theme functions file or by adding a Snippet in the Code Snippets Plugin. We always recommend the Code Snippets Plugin method only. The reason is mentioned in a separate article on The Right Way of Adding Code to functions.php.
/* Remove Version Numbers Related to WordPress Only */
function wpclimax_remove_version() {
return '';
}
add_filter('the_generator', 'wpclimax_remove_version');
function wpclimax_remove_cssjs_versions( $src ) {
if( strpos( $src, '?ver=' ) )
$src = remove_query_arg( 'ver', $src );
return $src;
}
add_filter( 'style_loader_src', 'wpclimax_remove_cssjs_versions', 9999 );
add_filter( 'script_loader_src', 'wpclimax_remove_cssjs_versions', 9999 );In the above snippet, if you only add lines 2-5, it will only remove the WordPress version number from the WordPress generator. Not from its CSS and JS. If you only remove the WordPress version number, that makes no sense at all. Anyone can still detect your WordPress version just by searching by the version number.
You can first try doing that by doing a search for the keyword ‘wordpress’ in the source code first. You will get 1 instance that reads your current version.
Then add lines 2-5, and when you recheck, you cannot find the version number if again searched for the keyword ‘wordpress’. But when you directly search for the version number, you will get multiple instances exposing your WordPress version.
Our suggestion is, either remove the Version Number completely or Quit thinking about it.
Now when you have added the complete code above to your theme functions, let’s now check if it works. Let us conduct the same search for the version number (5.8.3 in my case).
You shouldn’t find any instance which reveals the version number to the public. You have now successfully removed WordPress version numbers from the WP Version Generator, its CSS, and JS. Now if you wish, you Hide your PHP version number from the Headers as well.