wangarific

If you are running a WordPress blog, fire up your site and view the source. Search for “generator” and tell me if you see a line that looks like this:

<meta name="generator" content="WordPress 2.9" />

That code is automatically generated by WordPress in the general-template.php file (located in the wp-includes directory) and while it’s well intentioned, it does have some security drawbacks.

Why You Should Remove It

In general, it is safe to assume that sites will upgrade to the newest version of their blogging software because they want the newest features and any security fixes. However, if you fail to upgrade and thieves discover a security breach in an older version, leaving the generator meta tag in your header will make it easier for them to find your site. They can scour the web using spiders to find WordPress sites using an older and now vulnerable version. That tag just did the equivalent of telling them you left your house keys in the lock of the front door (please come in and help yourself to some milk, cookies, and all of our valuables).

How to Remove WP Version Generator

So as a precaution, you should remove this and the easiest way is to edit your theme’s functions.php file and add the following:
remove_action('wp_head', 'wp_generator');

By editing the functions.php file, this change will persist even through WordPress upgrades. This removes the one created by WordPress but your theme may also print out its own version by default, so search through your header.php file for this meta generator line. Delete it.

You can confirm this has worked when you view your source and can no longer find that generator meta tag anywhere.