Page tree
Skip to end of metadata
Go to start of metadata

This article is part of the Protecting WordPress index, but can be generally applied to your account and security practices! 

Step 1: Remove default posts, etc.

Step 2: Remove Version information in default files.

This can be done in two places.

- The first is the meta generator tag in your template. That's found in wp-content/{name of your WordPress theme}/header.php. Look for something like “” and remove it.

- The other element is in your RSS feed. Open up wp-includes/general-template.php and look around line 1858. Find:

function the_generator( $type ) {
echo apply_filters('the_generator', get_the_generator($type), $type) . "\n";

- Make sure a hash is applied next to the “echo” command so that it looks like this:

function the_generator( $type ) {
#echo apply_filters('the_generator', get_the_generator($type), $type) . "\n";

Step 3: Remove “Powered by WordPress” footers.

Step 4: Remove install or upgrade files.

- Be sure to delete /wp-admin/install.php and /wp-admin/upgrade.php after every WordPress installation or upgrade. You don't need them for day to day WordPress functionality.

- Change some of the misc default settings

  • Go to Settings > Miscellaneous in your admin console and change the names of wp-content/directory and wp-comments-post.php.
  • Make sure to change the template URL within the template and wp-comments-post.php accordingly, to maintain the function of your site.