
WordPress Security: Version Numbers and Themes

If I told you I could tell at a glance what WordPress version you were running, would you be concerned?

You should be.

With the recent release of WordPress 2.6.5, and the imminent release of 2.7, there’s a lot of attention on security, and on people compromising WordPress sites to gain control of them. So more than ever, it pays to watch for any information you give out that could give attackers a leg up.

One such leak is the version number: every WordPress theme displays it, because the wp_generator action is hooked to wp_head() by default, and wp_head() needs to be called in every theme (like wp_footer()).

Although it does a number of other useful things, the one it does in this case is to add a generator description announcing your blog version:

<meta name="generator" content="WordPress 2.6.5" />

This can be an issue in two ways:

  • For those who forget to upgrade quickly, it’s a calling card for attackers scanning for exploitable older blogs.
  • For those who upgrade immediately, it still tells attackers exactly which version you run, which matters if a zero-day (a vulnerability that is being exploited before a fix is available) turns up in the new release.

Either way, you should consider removing it from your theme. Fortunately, it’s very easy to do:

  • Edit your WordPress theme, and open its functions.php file (create it if the theme doesn’t have one). WordPress loads functions.php on every request, so the removal covers every template; a line at the top of index.php only takes effect on pages rendered through that one template.
  • Add this line:
    <?php remove_action('wp_head','wp_generator'); ?>
  • Save the file. The removal has to run before the theme calls wp_head(), which is why it belongs in functions.php rather than somewhere after get_header().
  • Reload your blog, and check for the generator tag (use the ‘view source’ command of your browser). It should now be gone.

One caveat: this only removes the meta tag from your HTML pages. The same version string is also printed in the <generator> element of your RSS and Atom feeds (via the_generator()), and WordPress appends its version as a ?ver= query string to the scripts and stylesheets it enqueues from wp-includes. Anyone fingerprinting your blog will check those too, so treat hiding the meta tag as a small reduction in exposure, not as a substitute for upgrading promptly.
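The ‘view source’ check in the last step, done as a script. This is an added example, not code from the original post: it scans a saved copy of a page’s HTML for both places WordPress prints its version, the generator meta tag shown above and the ?ver= query string WordPress appends to the scripts and stylesheets it enqueues. The two sample pages are constructed for the example; the second simulates a theme where only the wp_head action has been removed, to show that the version is still recoverable from core asset URLs.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs


class _VersionLeakParser(HTMLParser):
    """Collects the places a WordPress page prints its version."""

    def __init__(self):
        super().__init__()
        self.generator = None   # content of <meta name="generator">
        self.ver_params = []    # (url, ver) for <script src>/<link href> carrying ?ver=

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")
        if tag in ("script", "link"):
            url = a.get("src") if tag == "script" else a.get("href")
            if url:
                ver = parse_qs(urlparse(url).query).get("ver")
                if ver:
                    self.ver_params.append((url, ver[0]))


def find_version_leaks(html):
    """Return a list of (kind, version, where) tuples found in the HTML."""
    p = _VersionLeakParser()
    p.feed(html)
    findings = []
    if p.generator:
        m = re.search(r"WordPress\s+([\d.]+)", p.generator)
        findings.append(("meta-generator", m.group(1) if m else p.generator, "<head>"))
    for url, ver in p.ver_params:
        findings.append(("asset-ver", ver, url))
    return findings


def guess_wp_version(html):
    """Best-effort core version, in the order a fingerprinting scanner would try.

    The meta tag is authoritative when present. Otherwise only assets served from
    wp-includes/ are trusted, since plugins and themes set their own ?ver= values.
    """
    leaks = find_version_leaks(html)
    for kind, ver, _ in leaks:
        if kind == "meta-generator":
            return ver
    core = [ver for kind, ver, url in leaks
            if kind == "asset-ver" and "/wp-includes/" in url]
    return core[0] if core else None


# Constructed sample page (not captured from a real site); example.com is a placeholder.
LEAKY_PAGE = """<html><head>
<meta name="generator" content="WordPress 2.6.5" />
<link rel="stylesheet" href="http://example.com/wp-content/themes/foo/style.css" />
<script src="http://example.com/wp-includes/js/comment-reply.js?ver=2.6.5"></script>
<script src="http://example.com/wp-content/plugins/bar/bar.js?ver=1.2"></script>
</head><body></body></html>"""

# Same page after remove_action('wp_head', 'wp_generator'): only the meta tag is gone.
PATCHED_PAGE = LEAKY_PAGE.replace(
    '<meta name="generator" content="WordPress 2.6.5" />\n', '')


if __name__ == "__main__":
    for label, page in (("before", LEAKY_PAGE), ("after", PATCHED_PAGE)):
        print(label, "->", guess_wp_version(page))
        for kind, ver, where in find_version_leaks(page):
            print("   ", kind, ver, where)
```

Run it against a copy of your own front page after making the change: if guess_wp_version() still returns a version, the meta tag is gone but the core script and stylesheet URLs are still announcing it.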

Although this kind of tag is informative (I myself like to know at a glance what I’m working on), with today’s problems online it’s not worth giving attackers any more details. So leave it off, and make sure they DON’T get those extra details from your site!
