By default, WordPress broadcasts its version number in several places across your site's source code. Attackers routinely scan for this information to identify sites running outdated versions with known security vulnerabilities.
Hiding your version number does not make your site invulnerable, but it removes an easy signal that attackers use to decide whether your site is worth targeting.
Where WordPress exposes the version
WordPress includes the version number in three places on every public page:
1. Meta generator tag
WordPress adds a <meta name="generator" content="WordPress X.X.X"> tag to the <head> section of every page. This is visible in your site's HTML source code.
2. RSS feed generator
Your site's RSS feed includes a <generator> tag that contains the WordPress version. RSS readers and crawlers can see this.
3. Script and style URLs
WordPress appends ?ver=X.X.X to the URLs of CSS and JavaScript files. While this is primarily for cache-busting, it also reveals the version number to anyone inspecting network requests.
What the setting does
When you enable Hide WordPress version in the Security card, Web60 deploys a small must-use plugin on your site that:
- Removes the meta generator tag from all page headers
- Strips the generator tag from RSS feeds
- Removes ?ver= query strings from all CSS and JavaScript URLs
The plugin runs automatically and cannot be deactivated from the WordPress admin — it is a must-use (mu) plugin managed by the platform.
How to enable it
- Open your Web60 dashboard and select your website.
- Go to Advanced Settings.
- In the Security card, find Hide WordPress version.
- Toggle it on.
The change takes effect immediately. If you refresh your site and view the page source, you will no longer see version numbers in meta tags or asset URLs.
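To check the result without reading the page source by hand, the following added example (not Web60's code) scans a page and its RSS feed for the three locations described above. The sample markup is constructed for illustration, and the name find_version_leaks is an assumption of this example.

```python
import re
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

VERSION = re.compile(r"\d+(?:\.\d+)+")  # e.g. 6.4 or 6.4.3

class _PageScanner(HTMLParser):
    """Records generator meta tags and ?ver= parameters on asset URLs."""
    def __init__(self):
        super().__init__()
        self.leaks = []

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.leaks.append(("meta generator", a.get("content", "")))
        elif tag in ("script", "link"):
            url = a.get("src") or a.get("href") or ""
            for ver in parse_qs(urlsplit(url).query).get("ver", []):
                self.leaks.append(("asset ?ver=", f"{urlsplit(url).path} -> {ver}"))

def find_version_leaks(page_html, feed_xml):
    """Return (location, value) pairs for the three places the page lists."""
    scanner = _PageScanner()
    scanner.feed(page_html)
    scanner.close()
    leaks = scanner.leaks
    # Parse only feeds from a site you operate; ElementTree is not hardened
    # against hostile XML.
    for gen in ET.fromstring(feed_xml).iter("generator"):
        if gen.text and VERSION.search(gen.text):
            leaks.append(("rss generator", gen.text.strip()))
    return leaks

# Constructed sample markup (not captured from a real site).
PAGE_BEFORE = """<html><head>
<meta name="generator" content="WordPress 6.4.3" />
<link rel="stylesheet" href="/wp-includes/css/dist/block-library/style.min.css?ver=6.4.3" />
<script src="/wp-includes/js/jquery/jquery.min.js?ver=3.7.1"></script>
</head><body></body></html>"""
FEED_BEFORE = """<rss version="2.0"><channel><title>Example</title>
<generator>https://wordpress.org/?v=6.4.3</generator></channel></rss>"""
PAGE_AFTER = """<html><head>
<link rel="stylesheet" href="/wp-includes/css/dist/block-library/style.min.css" />
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
</head><body></body></html>"""
FEED_AFTER = '<rss version="2.0"><channel><title>Example</title></channel></rss>'

if __name__ == "__main__":
    for name, page, feed in (("before", PAGE_BEFORE, FEED_BEFORE), ("after", PAGE_AFTER, FEED_AFTER)):
        print(name, find_version_leaks(page, feed))
```

An empty list for your own page and feed means none of the three locations still carries a version string.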
How to disable it
If you need to restore version numbers (for example, for debugging), toggle the setting off. The mu-plugin is removed and WordPress will resume including version information in its output.
Impact on your site
| Area | Impact |
|---|---|
| Visitors | None — version numbers are not visible to normal visitors |
| SEO | None — search engines do not use the generator tag for ranking |
| Plugins and themes | None — no plugin or theme relies on the public version number |
| Caching | Neutral to slightly positive — removing ?ver= strings can improve cache hit rates |
| Analytics | None — Plausible and other analytics tools are unaffected |
Need help?
If you have questions about this setting, visit our support page and we will be happy to help.
Frequently asked questions
Will hiding the version break anything on my site?
No. The version number is purely informational and is not used by any WordPress feature, plugin, or theme to function. Removing it has no effect on how your site works.
Does this also hide the version in my WordPress admin?
No. The version number is only removed from the public-facing side of your site — what visitors and search engines see. You can still see your WordPress version in the admin dashboard.
Will this affect my site's performance?
Removing version query strings from CSS and JavaScript URLs can actually improve caching in some edge cases, because cache proxies sometimes do not cache URLs that contain query strings. In practice, the effect is negligible, but it is never negative.
Last updated: 26 March 2026
