WordPress follows a regular release cycle of 3-4 months based on the ideas voted from the users along with security releases which will be updated mandatorily. All releases carry a version number for tracking, validating and many other purposes. Though the versioning is meant for good purposes there are security concerns when you have old WordPress installation. Hackers can easily target the sites with old installations and inject malicious software.
Table of Contents
- How to Find WordPress Version of a Site?
- Why You Should Update WordPress?
- How to Remove or Hide WordPress Version?
How to Find WordPress Version of a Site?
By default, WordPress installation leaves the trace of a version number in many places. You can view it both by logging into the dashboard as well from the browser.
Checking WordPress Version in Dashboard
When you logged into your admin dashboard, look for the version under “At a Glance” section from the “Dashboard” menu.
Note: The version number is also displayed at the bottom right corner of the dashboard.
Checking WordPress Version without Logging
1. Meta Generator in Header Section
If you have a WordPress site and not disabled the versioning by any means, just right click and view the source code in a browser. You can find the version of WordPress installation is mentioned as below:
The other easy way to find the version number is to view the readme.html file which default comes with the installation package. Enter the address “yoursite.com/readme.html” to view the version of “yoursite.com”.
3. Styles and Scripts
Most of the admin scripts and style sheets also append the default WordPress version at the end of the URL like “?ver=5.7.2″. You can view this by right clicking and viewing the source code of a WordPress site.
4. Check in RSS Feed
You can also view the version number under the source code of the RSS feed URL of your WordPress site. Open the RSS feed of your site which is generally ”yoursite.com/feed” and right click to view the source code to find the version number.
Using Browser Extensions
There are browser extensions available for version check both for Google Chrome and Mozilla Firefox. You can install one of the extensions and check the version of your WordPress site.
Why You Should Update WordPress?
The WordPress statistics page shows till more than 50% of the WordPress sites use version 4.3 or lower (the latest version is 4.4.2 at the time of writing this article). There are two major reasons for having an outdated WordPress version:
- Generally people buy three years initial hosting plan for very cheap price and not maintain the site afterwards due to time and investment required.
- Compatibility issues with the theme or plugins used.
- Don’t have sufficient knowledge to backup content and database as it is recommended before any update.
When hackers find a WordPress site uses outdated version, it will be an easy target for them to inject malicious codes using known vulnerabilities. If you have a live running site, it is highly recommended to keep the WordPress version up to date, though it is possible to hide it from others.
How to Remove or Hide WordPress Version?
Basically you can modify “functions.php” and “header.php” files to get rid of the versions. But the problem is that the theme update will erase all your changes. You need to remember and update these php files after every theme update which will be difficult task for normal users. So the easy way is to look for plugins to do the task one time without hassle.
Go to WordPress plugins directory under “Plugins > Add New” menu and search for “WordPress version” to find the list of plugins which can do the trick for you. Based on the compatibility we found “Meta Generator and Version Info Remover” is one of the latest plugin available for removing WordPress versions. Install the plugin, activate it and navigate to “Settings > Meta Generator and Version Info Remover”. Check all the available options:
- For removing meta generator tag
- Remove version from stylesheet
- Remove version from script
You can also enter the URLs of stylesheets and scripts you want to exclude in the text box, generally leave the box blank to remove the versioning from all files. Save the changes and check the site’s source now on a browser to see the WordPress versions are removed.
- We noticed some hosting companies remove “readme.html” file during one click installation process. Hence, you may not find the file if it was removed during the installation.
- In case the above plugin does not remove the “readme.html” file, you can disable access by changing the file permission from your hosting account or using FTP clients like FileZilla. You can also use additional security plugins like “All in one WP security and firewall” to restrict access to “readme.html” and implement other security measures.