Hide WordPress Version removes your WordPress version number from the page source, RSS feeds, and asset URLs. Attackers scanning for sites running specific vulnerable versions move on instead of targeting yours.

What this feature does

By default, WordPress publishes its version number in three places:

HTML <head>A <meta name="generator" content="WordPress 6.x"> tag on every front-end page.
RSS feedsA <generator> tag inside every feed.
Asset URLsEvery CSS and JS file enqueued by WordPress core has ?ver=6.x appended for cache-busting.

This setting filters all three sources to remove the version. AdminEase replaces the generator tag with an empty string and strips the ver= query argument from style_loader_src and script_loader_src for any URL where the version matches the current WordPress version.

Defence in depth, not a silver bullet

Hiding the version doesn’t make a vulnerable WordPress install less vulnerable; it just makes it harder to find through automated scanning. Always combine this with an actual update strategy. Hidden version + outdated install is worse than visible version + current install.

How to enable it

  1. Open AdminEase › Security. Click AdminEase in the WordPress admin menu, then switch to the Security tab.
  2. Toggle Hide WordPress version on. Save settings.
  3. Verify. Open your front-end and view source. Search for generator; the WordPress meta tag should be gone or empty. Inspect a CSS file URL (e.g. /wp-includes/css/dashicons.min.css); the ?ver=… string should no longer match your WordPress version.

Settings reference

Setting What it does Default
Hide WordPress version Filters the_generator to empty and strips ver=<wp-version> from CSS/JS asset URLs. Off

What happens behind the scenes

Two filters

AdminEase applies two filters:

  • the_generator__return_empty_string. Removes the version from <meta> tags and RSS <generator> elements.
  • style_loader_src and script_loader_src at priority 9999. Removes the ver query argument when the value matches the current WordPress version.

The asset filter runs late (priority 9999) so it overrides any earlier code that might re-add the version. Only the WordPress-core version is stripped; plugin and theme assets keep their own version strings, which is correct because they’re used for cache busting and don’t identify WordPress core.

Troubleshooting

I still see the version in page source

Check whether your theme has hard-coded a generator string, or whether a caching plugin is serving an old version of the page. Theme overrides need to be removed in the theme; cached pages need their cache flushed.

My CSS files still show the version number

The filter only strips ver= when the value equals the current WordPress version. If the value is something else (a plugin version, a custom string), it’s left alone. That’s by design.

An external scanner still detects my version

Scanners use multiple fingerprints: meta generator, RSS feed, file checksums of readme.html, presence of specific paths like wp-includes/js/…, behaviour of /wp-login.php, etc. This setting handles the easy three (meta, feed, asset URLs). For full version-fingerprint hiding, also delete readme.html, restrict wp-includes directory listing (use Block Directory Browsing), and consider Block Access to Sensitive Files.