One of the ways that a hacker can break into your site is by them knowing the vulnerabilities in both the older versions of WordPress and some of the files within even the current versions of WordPress. So one way to minimize these vulnerabilities is to keep your WordPress files, plugins, and themes up to date. But maybe you’ve got a client that wants to keep an older version of WordPress for whatever reason they have. Then you want to make sure that no one can see this site has an older and more vulnerable version of WordPress on it. So in this video, I’m going to show you how to prevent the version number from showing up, as well as the removal of some of the files that are not needed to keep your WordPress site working that might pose a vulnerability threat.
So first off, let’s go ahead and show you where those version numbers might show up at. Now I’m in a Firefox browser. So if you’re on a different browser – Chrome, Safari, Internet Explorer – then what I’m about to show you might look a little bit different. But just right-click, come on down here to View Page Source. And left-click on that. And this is the code that makes a WordPress site do what it does. So I’m going to Ctrl+F to get that Find box that pops up. And the current version that I’m working with right now is 4.3.1. So I’m going to see how many of those numbers pop up. So I’m going to type in this Find box down here ‘4.3.1’. And we see that that string of numbers shows up 7 times throughout here. So the version number is popping up here 7 different times. You want to get rid of those without breaking our site. Let’s get rid of this. And there’s an easy way and a hard way. The hard way is to add code like this to the bottom of your functions.php file within the theme that you’re using. And I’m not going to go into that because then we’ve got to go into how to create a child theme and all kinds of other stuff that just goes way beyond the scope of this video.
So let’s keep it simple and still get the job done. We can do that with the plugin. So let’s log into the admin area of our WordPress site. Come on down here to Plugins, go to Add New. And in the search box, type in meta generator. And it should be one of the top results to pop up right here, Meta Generator and Version Info Remover. Click on Install Now, and then Activate Plugin. And as soon as that happens, it just did its job. It just removed those version numbers from showing up. But there’s a little more to it than that.
If you come over here to Settings and then click on the Meta Generator link, that’ll bring us to the settings page for that plugin. Now since this is a brand new installation of WordPress, it’s not required at all. But if you have a seasoned site, one that’s got a lot of stuff, a lot of plugins, maybe a lot of content, then there might be some scripts there that require that version number for them to function – in which case you want to keep this plugin from affecting them.
And you do that just like it says here, by putting in their filenames right here separated by commas. And come on down here and click on Save Changes. I have not made any changes, so I don’t need to save anything. But I do want to come back to the site here, refresh, and then right-click, then left-click on Page Source, do a Ctrl+F again, and then type in 4.3.1. And you can see that it doesn’t show up at all. It has effectively removed all of those and has not damaged the site.
The site still works just fine and dandy. Only when the hackers come to see the source code are not going to know what version number this is. So that’s how you can prevent the version number from showing up on older versions of WordPress. Now, of course, this being a brand new version of WordPress, it’s not necessary because more than likely, all the vulnerabilities have already been plugged into this new version.
Anyway, one last thing I want to cover in this video is a removal of the trash or what I call trash files that really play no part in your site whatsoever. So let’s go ahead and get rid of them, just in case they may pose a threat down the line. So I’m doing this in the cPanel control panel under the File Manager. You can do the same thing through an FTP client. But we log into the root directory of our WordPress site. And there are a couple of files right here, the readme and the license. And I select one, hold the Ctrl key down on my keyboard to select multiple files. And if you still have it, get rid of it, that being the wp-config-sample.
Make sure that it’s one that ends in -sample because the wp-config file is an important file that you don’t want to delete. So let’s go ahead and select the one -sample. Come on up and click on Delete. Are you sure? Yes. And then come on up here to wp-admin folder or directory, open that up, and scroll down, select the install helper and the install.php files. Since obviously, we have WordPress installed, we don’t need those files any longer. Click on Delete, and we are golden. We are good to go. So all of those vulnerabilities have been taken care of.
Add these codes to the bottom of the themes functions.php file. If you have a child theme then add it there. Any custom work should always be done in a child theme because when you update the core of WordPress these custom additions may be over-written.
————————————————————————————————
// remove wp version meta tag and from rss feed
function at_remove_wp_ver_meta_rss() {
return ”;
}
add_filter( ‘the_generator', ‘at_remove_wp_ver_meta_rss' );
// remove wp version param from any enqueued scripts
function at_remove_wp_ver_css_js( $src ) {
if ( strpos( $src, ‘ver=' ) )
$src = remove_query_arg( ‘ver', $src );
return $src;
}
add_filter( ‘style_loader_src', ‘at_remove_wp_ver_css_js', 9999 );
add_filter( ‘script_loader_src', ‘at_remove_wp_ver_css_js', 9999 );
————————————————————————————————
And that’s going to bring us to the end of this video. Thanks for watching and you have a great day.
