Posts Tagged ‘Evil Doers’

Securing WordPress against itself

As many bloggers have been learning lately, WordPress has a ton of major security holes being exploited by evil doers. Because of the open nature of the tool, these exploits vary dramatically depending upon which version you’re using, so one of the first tips we give WordPress blog owners is to remove the WordPress version number from the template. This is a pretty simple thing to do: open the header.php file and search for the line of HTML that looks something like:

[source lang="html"]<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> <!-- leave this for stats -->[/source]

Unfortunately, this isn’t just good for stats … it’s great for hackers, because it tells them exactly what version of WordPress you’re using, which allows them to search the net for hacks specific to your version. Worse, as of version 2.5, removing this line from your theme is no longer enough: WordPress forcibly “injects” the damning meta tag into your theme through the wp_head(); function, which is required to make WordPress work.

There is luckily a fix, but it requires users to edit yet another file in their template directory. To truly remove the code, you’ll need to open the functions.php file and add the code:

[source lang="php"]remove_action('wp_head', 'wp_generator');[/source]
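
To confirm the change took effect, check the rendered page rather than the theme files, since the tag is emitted by wp_head() and never appears in header.php. The Python check below is an added example, not code from the original post; the function names and the two sample pages are constructed for illustration.

```python
# Added example: detect a WordPress generator meta tag in rendered HTML.
from html.parser import HTMLParser
import re

# "WordPress", optionally followed by a dotted version number.
WP_GENERATOR = re.compile(r"wordpress(?:\s+(\d+(?:\.\d+)*))?", re.IGNORECASE)


class GeneratorFinder(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        # Also called for self-closing tags such as <meta ... />.
        if tag != "meta":
            return
        attr = {k: (v or "") for k, v in attrs}
        if attr.get("name", "").strip().lower() == "generator":
            self.generators.append(attr.get("content", ""))


def find_wordpress_generators(html):
    """Return (content, version or None) for each WordPress generator tag."""
    finder = GeneratorFinder()
    finder.feed(html)
    finder.close()
    hits = []
    for content in finder.generators:
        match = WP_GENERATOR.search(content)
        if match:
            hits.append((content, match.group(1)))
    return hits


# Constructed sample pages (not captured from a real site).
BEFORE = """<html><head><title>My blog</title>
<META NAME='Generator' content="WordPress 2.5" />
</head><body></body></html>"""
AFTER = """<html><head><title>My blog</title>
<meta name="description" content="Powered by coffee" />
</head><body></body></html>"""

if __name__ == "__main__":
    for label, page in (("before", BEFORE), ("after", AFTER)):
        print(label, "->", find_wordpress_generators(page) or "no generator tag")
```

Run it against the saved HTML of your own front page after editing functions.php; an empty result means the tag is gone.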