[Resolved] Security




    Hi Andrew. I just discovered this safety information and I saw it was not implemented in the Ultra theme, so I added it to my child theme.
    WordPress by default displays the version you are using. If a security hole is published and we do not update our theme, hackers have information about our WordPress. If we do not hide this information, we are giving facilities to those who want to access our admin panel.

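    function removeHeadLinks() {
        // Remove the generator meta tag that exposes the WordPress version.
        remove_action('wp_head', 'wp_generator');
        // Remove the Windows Live Writer manifest link.
        remove_action('wp_head', 'wlwmanifest_link');
        // Remove the Really Simple Discovery (RSD) link.
        remove_action('wp_head', 'rsd_link');
    }
    add_action('init', 'removeHeadLinks');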

    Have a good weekend.


    Andrew Misplon

    Hi xc70

    Thanks for sharing this tip. For sure, on your site this is a handy little security addon. Unfortunately, on WordPress.org the theme standards are quite strict. At the moment themes aren’t allowed to remove default functionality like the sort you’ve described above. Some of the security plugins out there will offer this same header information removal as an option.

    Chat soon 🙂



    Thanks Andrew, I was unaware of that Automattic policy for their themes. It is curious that an issue like this, which is known to all, remains in use when it is detrimental to the safety of the user.



    Andrew Misplon

    I hear you.

    Automattic do have influence over what happens in the Theme Review team but it’s mostly a community-driven project. Here is the section that would cover these links:


    Specifically: No removing or modifying non-presentational hooks.

    Plugins like WordFence or BetterWPSecurity (did they change their name?) are, however, free to do this. So in summary, this is more of a plugin-level task.
