Removing the WordPress version number from your site’s frontend can make it harder for potential attackers to target your site by exploiting known vulnerabilities in specific versions of WordPress. By hiding this information, you make it more difficult for attackers to determine which version of WordPress you’re using, making it less likely that they’ll try to exploit a vulnerability that doesn’t exist on your site.
For example, if an attacker knows that a certain version of WordPress has a critical security vulnerability, they may try to target that version by sending a malicious payload to any site they suspect is using that version. By removing the version number, you make it harder for attackers to know if your site is vulnerable, reducing your risk of attack.
function remove_wp_version_strings( $src ) {
global $wp_version;
parse_str( parse_url($src, PHP_URL_QUERY), $query );
if ( !empty( $query['ver'] ) && $query['ver'] === $wp_version ) {
$src = remove_query_arg( 'ver', $src );
}
return $src;
}
add_filter( 'script_loader_src', 'remove_wp_version_strings' );
add_filter( 'style_loader_src', 'remove_wp_version_strings' );