Security Tips & Tricks Web Development WordPress

Only removing WordPress version number from the header, discussed here, is not enough. There might be source files which have your WordPress version number appended as the query parameter. This too exposes your WP version and thus can be a security threat. If you are not using the latest WP version, which is recommended, it is an easy way for hackers to get into your website.

You might want to remove the version parameter completely from the source files or remove it only if it comes from or matches the WP version. Here are the ways you can achieve this.

Remove WordPress version number parameter:

The following piece of code will remove all the version parameters from the source files.

// Remove version entirely from the source files 
function sh_remove_ver_css_js( $src_file ) {
    if ( strpos( $src_file, 'ver=' ) )
        $src_file = remove_query_arg( 'ver', $src_file );
    return $src_file;
}
add_filter( 'style_loader_src', 'sh_remove_ver_css_js', 9999 );
add_filter( 'script_loader_src', 'sh_remove_ver_css_js', 9999 );
Remove only WordPress version number parameter:

The following piece of code will remove all the version parameters from the source files.

// Remove version only if it comes from WP version
function sh_remove_ver_css_js( $src_file ) {
    if ( strpos( $src_file, 'ver=' . get_bloginfo( 'version' ) ) )
        $src_file = remove_query_arg( 'ver', $src_file );
    return $src_file;
}
add_filter( 'style_loader_src', 'sh_remove_ver_css_js', 9999 );
add_filter( 'script_loader_src', 'sh_remove_ver_css_js', 9999 );

style_loader_src is the hook to filter the enqueued stylesheet’s URL.

script_loader_src is the hook to filter the enqueued script file’s URL.

sh_remove_ver_css_js is the callback function for the above hooks. We are using it to remove the version parameter. You may want to update the URL as per your requirement.


Team Smartherd has a decade of experience in online teaching. Our instructors are tech geeks and holds significant experience in their respective domains.