WordPress 2.5 Plugin Keeps the Version out of Source.

For anyone who has upgraded to WordPress 2.5 and above and likes to keep the WordPress version number out of the source code of your site when the source is viewed in a browser you could be in for a surprise. It might be back even though you eliminated the line of code in your theme’s “header.php” that generated the version number in the first place.

I know I was surprised to find “2.5.1” happily displayed when I viewed the source code for my main page in Firefox last night and for the life of me I couldn’t find anything in my theme’s “header.php” I might have missed. At first I thought I had forgotten to comment the line out when I upgraded the theme to the latest version but apparently not.

I finally decided to contact the author of my theme, Scott Wallick of PlainText.org (home of the famous “Sandbox” theme) about this. I have to admit that I was more than a bit surprised when he sent me the explanation especially when I had followed the development of 2.5 so closely:

If you’re using WordPress 2.5, then you’re in for a treat. Because as of this version, WordPress hooks the function wp_head() to insert (automatically) the generator meta link.

You can’t really remove wp_head() as plugins require it to work correctly (inserting JavaScript, etc.), so you have to disable the function that produces the generator link from within WordPress.

See the following announcement:

http://blog.ftwr.co.uk/archives/2007/10/06/improving-the-wordpress-generator/

And to top this all off, Scott worked up a tiny plugin that disabled that very function, attached it to his message and it worked like a charm. I can’t say enough about this guy. I use another of his themes called Blog.txt and through 3 updates to the theme since I first installed it he’s answered all my questions, taken care of submitted bugs and even incorporated one of my suggestions about Gravatar resizing using the theme’s “Options” page in the Admin.

So I decided to host his plugin for those of you who wish to use it. Installation is simple. Extract, upload, activate and you’re done. Your version of WordPress shown in the source of your blog should now be gone unless your “header.php” has the hard coded “generator” still coded into it.

Note: This plugin is only for use with WordPress 2.5 and higher.

Download: rgl.zip

Edit 08-14-2010: It’s been rather a long time since WordPress 2.5 hit the streets and even though Scott’s plugin still works fine, securing your  WordPress powered site these days requires a bit more than just removing the version number from your site’s generated source code. That being said, I would highly recommend Secure WordPress which offers quite a bit of security in an easy to configure plugin. I use it myself. And although no security measures are fool proof, Secure WordPress goes a long way towards keeping your WordPress powered site secure.

Make sure you remove the original “rgl” plugin before activating Secure WordPress and if you happen to use Windows Live Writer then make sure you do not check the box that removes that particular function (The check box is marked “Windows Live Writer“.).

Comments

WordPress 2.5 Plugin Keeps the Version out of Source. — 13 Comments

  1. Pingback: An Ideal WordPress User · plaintxt.org

  2. Pingback: CodeScheme » WordPress mask version display plugin

  3. Thanks for the kind words, Kirk. And thank you for going the extra step and providing your solution to others. :-)

  4. @Scott:

    Nothing like passing on a favor is there? Glad to do it and thanks again. You’ve made things just a bit easier for everyone.

  5. I use this:

    if (function_exists(‘wp_generator’)) {
    remove_action(‘wp_head’, ‘wp_generator’);
    }

  6. John,

    That looks like a fantastic plugin you have there. Being a chronic tweaker I can see I’ll be loading this one up soon enough. It looks like it could eliminate at least two plugins I currently use as well. Good deal!

    I might just run up a post about this on my new tech flavored WP site after I check it out (both sites running 2.6 beta1). Thanks for the info!

  7. Pingback: Domain Murah : An Ideal WordPress User

  8. Pingback: WordPress Tip: Always Remove the WordPress Version Code | Information on how to backup your computer

  9. I installed the plugin on my site and it still says “Powered by WordPress”.
    I wonder why it didn’t work?
    Thanks!
    Kat

    • Kat – If you mean “Powered by WordPress” at the bottom of each page of your site, that’s just a bit of code in your theme’s footer. The plugin takes the version number of WordPress out of the generated source code of your site. Right-click on any page of your site. (in a blank area) and select “View source” from the menu and look for WordPress + some version number like 3.0.1 or less. should be near the top somewhere. You shouldn’t find the version number with the plugin installed.

      Since it’s been a long time since WordPress 2.5 hit the streets I’d recommend a more up to date plugin called Secure WordPress instead. It offers much better security options than just removing the version number of WordPress from your source code.

      http://wordpress.org/extend/plugins/secure-wordpress/

      Hope this helps.

  10. Pingback: How to remove generator meta tag wordpress | Free Android CakePHP GMaps Articles