This article is part of the Protecting WordPress index, but can be generally applied to your account and security practices! 

Step 1: Remove default posts, etc.

Step 2: Remove Version information in default files.

This can be done in two places.

- The first is the meta generator tag in your template. That's found in wp-content/{name of your WordPress theme}/header.php. Look for something like “” and remove it.

- The other element is in your RSS feed. Open up wp-includes/general-template.php and look around line 1858. Find:

function the_generator( $type ) {
echo apply_filters('the_generator', get_the_generator($type), $type) . "\n";
}

- Make sure a hash is applied next to the “echo” command so that it looks like this:

function the_generator( $type ) {
#echo apply_filters('the_generator', get_the_generator($type), $type) . "\n";
}

Step 3: Remove “Powered by WordPress” footers.

Step 4: Remove install or upgrade files.

- Be sure to delete /wp-admin/install.php and /wp-admin/upgrade.php after every WordPress installation or upgrade. You don't need them for day to day WordPress functionality.

- Change some of the misc default settings

  • Go to Settings > Miscellaneous in your admin console and change the names of wp-content/directory and wp-comments-post.php.
  • Make sure to change the template URL within the template and wp-comments-post.php accordingly, to maintain the function of your site.