How to hide the Generator meta tag in WordPress:
The solution that we’re going to see now is pretty simple. But first let’s look at some background and usefulness before the solution is given. If you came here just for the solution, head straight there now.
Hackers have many ways to attack your website. One such way is to know which version of WordPress you are using and using this information to find vulnerabilities in that specific version. Using this weakness, hackers can easily take control or spam your website. Obviously this is something that we want to avoid.
There are many ways to get rid of the generator meta tag that shows the WordPress version to the world. However, some will advice you to remove the tag directly from the header file which will just remove it from the website. A well learned hacker knows that that is not the only place to find your WordPress version. If you have provided RSS feeds option in your website, then removing this from header will not solve your problem, because the WordPress version shows up in RSS feeds too!
So, what’s the best way to get rid of this unnecessary information being shown to the world that may cause you heart ache? Of course, other solutions include, adding a piece of code to your functions.php file under the theme editor area. While this too does the job well, there are few of us who don’t want to get our hands dirty by editing the code stuff. So, for the people who are not so good at tech or coding, there is a plugin available to do the dirty work for you – let’s get ahead and employ the plugin for this purpose – note: this plugin not only does this thing, but will also help you with MANY other security features, that is a must for your website.
Here is that best solution:
Get this plugin installed in your WordPress: Wordfence Security Plugin.
Wordfence is a plugin that I’ve started using as soon as I learned that teh WordPress version is not required to be shown to the world – however, it took me few days to get this knowledge.
What Wordfence does is that it first starts checking your website to see if its already infected. It does a deep server side scan of your website’s source code comparing it to the official WordPress repository for core, themes and plugins. Then, it secures your website and also, as it claims, makes your website a little more faster in loading time.
As I mentioned above, there is no need to edit any code. Wordfence takes care of it. Additionally, wordfence also offers the below security features:
Other Wordfence Security features:
(as given in WordPress plugin repository page)
- Includes Falcon Engine, the fastest WordPress caching engine available today. Falcon is faster because it reduces your web server disk and database activity to a minimum.
- Includes support for other major plugins and themes like WooCommerce.
- Real-time blocking of known attackers. If another site using Wordfence is attacked and blocks the attacker, your site is automatically protected.
- Sign-in using your password and your cellphone to vastly improve login security. This is called Two Factor Authentication and is used by banks, government agencies and military world-wide for highest security authentication.
- Includes two-factor authentication, also referred to as cellphone sign-in.
- Scans for the HeartBleed vulnerability – included in the free scan for all users.
- Wordfence includes two caching modes for compatability and has cache management features like the ability to clear the cache and monitor cache usage.
- Enforce strong passwords among your administrators, publishers and users. Improve login security.
- Scans core files, themes and plugins against WordPress.org repository versions to check their integrity. Verify security of your source.
- Includes a firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets.
- Block entire malicious networks. Includes advanced IP and Domain WHOIS to report malicious IP’s or networks and block entire networks using the firewall. Report security threats to network owner.
- See how files have changed. Optionally repair changed files that are security threats.
- Scans for signatures of over 44,000 known malware variants that are known security threats.
- Scans for many known backdoors that create security holes including C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and many many more.
- Continuously scans for malware and phishing URL’s including all URL’s on the Google Safe Browsing List in all your comments, posts and files that are security threats.
- Scans for heuristics of backdoors, trojans, suspicious code and other security issues.
- Checks the strength of all user and admin passwords to enhance login security.
- Monitor your DNS security for unauthorized DNS changes.
- Rate limit or block security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site.
- Choose whether you want to block or throttle users and robots who break your security rules.
- Includes login security to lock out brute force hacks and to stop WordPress from revealing info that will compromise security.
- See all your traffic in real-time, including robots, humans, 404 errors, logins and logouts and who is consuming most of your content. Enhances your situational awareness of which security threats your site is facing.
- A real-time view of all traffic including automated bots that often constitute security threats that Javascript analytics packages never show you.
- Real-time traffic includes reverse DNS and city-level geolocation. Know which geographic area security threats originate from.
- Monitors disk space which is related to security because many DDoS attacks attempt to consume all disk space to create denial of service.
- Wordfence Security for multi-site also scans all posts and comments across all blogs from one admin panel.
- WordPress Multi-Site (or WordPress MU in the older parlance) compatible.
- Premium users can also block countries and schedule scans for specific times and a higher frequency.
All said and done, hiding the WordPress version alone is not going to safeguard your website. It’s wise to always have your website updated with latest plugins and themes. Mainly, keep your WordPress software up to date. You can also install WordPress version check and alert plugins that are available from the WordPress plugins repository.