• Hi,

    An external company has done a security audit on our web sites and I now have a Low risk item to resolve – remove WP version number from wp-admin pages (ver=4.8).

    For example, the following code is part of the wp-login.php head:


    <script type='text/javascript' src='https://www.domain.com/wp/wp-admin/load-scripts.php?c=0&load%5B%5D=jquery-core,jquery-migrate&ver=4.8'></script>
    <link rel='stylesheet' type='text/css' media='all' />

    I am using the following code in my functions.php


    // remove wp version param from any enqueued scripts
    // @ref https://www.virendrachandak.com/techtalk/how-to-remove-wordpress-version-parameter-from-js-and-css-files/
    function vc_remove_wp_ver_css_js( $src ) {
        // strpos() returns false when 'ver=' is absent from the URL
        if ( false !== strpos( $src, 'ver=' ) ) {
            $src = remove_query_arg( 'ver', $src );
        }
        return $src;
    }
    add_filter( 'style_loader_src', 'vc_remove_wp_ver_css_js', 9999 );
    add_filter( 'script_loader_src', 'vc_remove_wp_ver_css_js', 9999 );

    // Remove WordPress generator version
    remove_action( 'wp_head', 'wp_generator' );
    add_filter( 'the_generator', '__return_false' );

    I have also tried the following plugins:

    • Meta Generator and Version Info Remover
    • Remove Query Strings From Static Resources
    • Remove Version
    • Remove Version Info
    • Remove WP version everywhere
    • WP Version in Query String Modifier

    And I’ve tried disabling all plugins and reverting to the Twenty Seventeen theme (with the above remove WP code).

    Does anyone have a solution for removing the ver=4.8 from CSS and JS files in wp-admin?

    Thank you
    Chris.

    • This topic was modified 7 years, 4 months ago by zemic1. Reason: inserted code in wrong code tags
Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator bcworkz

    (@bcworkz)

    Hook “wp_print_scripts” and “wp_print_styles”. Get the global objects $wp_styles and $wp_scripts respectively. In each, first change the default_version property to something meaningless, like “0.0”. You can also step through the registered array of objects and change the ver property of any that are set to a specific value that you wish to obscure. Objects without ver properties will show the default version value.

    Be careful in obscuring versions, it could cause problems with scripts that rely on version information to do certain things. As you would be changing the data just before output, this would be unlikely, but there is a possibility.

    To be clear, this is changing the version in the head section tags for stylesheet and script external files to load in all cases, front and back end. You can add a conditional to your callbacks to only change things if is_admin() is true. It does not change other references like the version shown in the dashboard widget.

    FWIW, this really is a very low priority. All attacks I’ve seen simply probe the actual vulnerabilities. It either works or not. I’ve never seen any pattern that would indicate checking versions first. But such patterns would be easy to miss, so maybe there is something to it ??

    You can try this code. Put it in your function.php file:

        // Replace the version text in the admin footer with a blank string
        function change_footer_version() { return ' '; }
        add_filter( 'update_footer', 'change_footer_version', 9999 );
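
The approach bcworkz describes in the first reply, written out as an added example for functions.php (not code from the thread or from WordPress itself). The `example_` function names and the `'0.0'` placeholder are assumptions; treating "a specific value that you wish to obscure" as the running core version is also an assumption.

```php
// Added example: function names and the '0.0' placeholder are hypothetical.

/**
 * Replace the WordPress core version in a dependency registry
 * (WP_Scripts or WP_Styles) with a meaningless placeholder.
 */
function example_obscure_dependency_versions( $registry ) {
    if ( ! ( $registry instanceof WP_Dependencies ) ) {
        return; // Registry not initialised yet; nothing to change.
    }

    $placeholder = '0.0';
    $wp_version  = get_bloginfo( 'version' );

    // Handles registered without a version fall back to this value.
    $registry->default_version = $placeholder;

    // Handles registered explicitly with the core version are rewritten too.
    // Other explicit versions (e.g. a bundled library's own) are left alone.
    foreach ( $registry->registered as $dependency ) {
        if ( is_string( $dependency->ver ) && $dependency->ver === $wp_version ) {
            $dependency->ver = $placeholder;
        }
    }
}

function example_obscure_script_versions() {
    global $wp_scripts;
    // To limit the change to the back end, return early unless is_admin().
    example_obscure_dependency_versions( $wp_scripts );
}
add_action( 'wp_print_scripts', 'example_obscure_script_versions', 9999 );

function example_obscure_style_versions() {
    global $wp_styles;
    example_obscure_dependency_versions( $wp_styles );
}
add_action( 'wp_print_styles', 'example_obscure_style_versions', 9999 );
```

Because the `ver` query string also acts as a cache buster, a constant placeholder means browsers may keep serving cached core CSS and JS after a WordPress upgrade.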
    
  • The topic ‘Remove WP version from Wp-admin pages’ is closed to new replies.