Hiding the WordPress version
Suppose that a weakness is found in WordPress 3.0.1 and Automattic duly patches this with 3.0.2. Sites determined to be running the older version could be open targets.
With that in mind, browse your page source and you'll see a line like this:
Similarly, a hacker can look at a site's RSS feeds to ascertain the WordPress version. To get rid of this version leak, open up functions.php in your theme's folder, pasting this code at the top of the file:
<?php
// Return an empty string so no generator (version) tag is printed in pages or feeds.
function hide_version() {
    return '';
}
add_filter('the_generator', 'hide_version');
?>
Now refresh the source code and the version has gone, as it will have from RSS feeds.
Binning the readme
You may not know you have this file. Browse to http://yoursite.com/readme.html:
There's your version again. Delete readme.html from your WordPress root directory, not just now, but after upgrades.
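To confirm that both steps worked on your own site, the check below scans the page source, the RSS feed and readme.html for a surviving version string. It is an added example, not code from the original text; the function name, the markup patterns (assumed WordPress defaults) and the sample documents are all constructed for illustration.

```python
import re

# Patterns for the three leaks covered above. The markup shapes are assumptions
# based on WordPress defaults; adjust them if your theme or feed differs.
LEAK_PATTERNS = {
    "page source": re.compile(
        r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s+([\d.]+)', re.I),
    "rss feed": re.compile(
        r'<generator>\s*https?://wordpress\.org/\?v=([\d.]+)', re.I),
    "readme.html": re.compile(r'\bVersion\s+(\d+(?:\.\d+)+)', re.I),
}


def find_version_leaks(documents):
    """Return {source: version} for every document that still reveals a version.

    `documents` maps a source name from LEAK_PATTERNS to the text fetched from
    your own site, or to None when the file no longer exists (readme.html deleted).
    """
    leaks = {}
    for source, text in documents.items():
        if text is None:  # file removed, nothing to leak
            continue
        match = LEAK_PATTERNS[source].search(text)
        if match:
            leaks[source] = match.group(1)
    return leaks


# Constructed samples: the same site before and after the steps above.
BEFORE = {
    "page source": '<head><meta name="generator" content="WordPress 3.0.1" /></head>',
    "rss feed": "<channel><generator>http://wordpress.org/?v=3.0.1</generator></channel>",
    "readme.html": '<h1 id="logo">WordPress<br /> Version 3.0.1</h1>',
}
AFTER = {
    "page source": "<head><title>My site</title></head>",
    "rss feed": "<channel><title>My site</title></channel>",
    "readme.html": None,  # deleted from the WordPress root directory
}

if __name__ == "__main__":
    for label, docs in (("before", BEFORE), ("after", AFTER)):
        leaks = find_version_leaks(docs)
        print(label, "->", leaks if leaks else "no version found")
```

Run it again after each upgrade, feeding it the freshly fetched copies of the three documents, to catch a readme.html that the upgrade has put back.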
Cloaking the login page and the version
There is one more place from where it is possible to work out your WordPress version...