{"id":4539,"date":"2019-10-10T11:34:12","date_gmt":"2019-10-10T11:34:12","guid":{"rendered":"https:\/\/www.fastcomet.com\/blog\/?p=4539"},"modified":"2022-06-09T20:02:21","modified_gmt":"2022-06-09T20:02:21","slug":"hide-wordpress-version-or-not","status":"publish","type":"post","link":"https:\/\/www.fastcomet.com\/blog\/hide-wordpress-version-or-not","title":{"rendered":"WordPress Version: To Hide or Not to Hide?"},"content":{"rendered":"\n<p class=\"has-drop-cap\">There is a security tip that can be seen often on the Internet. Articles and tutorials about WordPress security tend to say that hiding your WordPress version enhances the security of your website. In fact, you can even find that most security plugins also promote hiding your WordPress installation version and obscuring it.<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>Does hiding the version of your WordPress core work against security attacks? Will your WordPress site be protected if you simply hide a bunch of numbers from hackers?<\/p>\n\n\n\n<p><strong>The answer is no<\/strong>. The sad truth is, this misconception is common among users, and because it\u2019s all over the Internet, people believe it. The whole thing is <strong>actually a security \u201cgimmick,\u201d<\/strong> or as people nowadays like to say &#8211; <strong>a myth<\/strong>.<\/p>\n\n\n\n<p>In most cases, hiding the WordPress version of a site won\u2019t even protect it against automated mass hacker attacks. 
This article explains why such attacks cannot be prevented by hiding the version of your site\u2019s WordPress code.<\/p>\n\n\n\n<p>This post will cover:<br><\/p>\n<ul class=\"nav-list\">\n\t<li><a href=\"#popular-hacks\">Most Popular WordPress Hacks<\/a><\/li>\n\t<li><a href=\"#wordpress-attacks\">How Do WordPress Attacks Work?<\/a><\/li>\n\t<ul>\n\t<li><a href=\"#exploiting-vulnerabilities\">Exploiting Known WordPress, Plugins, and Theme Vulnerabilities<\/a><\/li>\n\t<li><a href=\"#guessing-wp-credentials\">Guessing WordPress Credentials<\/a><\/li>\n\t<\/ul>\n\t<li><a href=\"#many-recommend-hiding-wordpress-version\">Why do Many Recommend Hiding your WordPress Version?<\/a><\/li>\n\t<li><a href=\"#not-the-solution\">Conclusion: Hiding your WordPress Version is Not a Solution Against Hackers<\/a><\/li>\n<\/ul>\n\n\n\n<h2 data-role=\"contents-nav-item\" id=\"popular-hacks\">Most Popular WordPress Hacks<\/h2>\n\n\n\n<p>There have been many successful attacks of different types against WordPress over the years. However, the two most common cases are:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Exploiting known vulnerabilities in older versions of the WordPress core, plugins or themes;<\/li><li>Guessing a WordPress admin (or another account) password.<\/li><\/ul>\n\n\n\n<h2 data-role=\"contents-nav-item\" id=\"wordpress-attacks\">How Do WordPress Attacks Work?<\/h2>\n\n\n\n<h3 data-role=\"contents-nav-item\" id=\"exploiting-vulnerabilities\">Exploiting Known WordPress, Plugins, and Theme Vulnerabilities<\/h3>\n\n\n\n<p>To date, there are hundreds, maybe even thousands of known and reported vulnerabilities in older WordPress versions, plugins, and themes. 
<strong>Malicious hackers tend to use automated tools<\/strong> that scan a large number of websites and exploit the known vulnerabilities to break into WordPress sites.<\/p>\n\n\n\n<p>Those automated tools do not even check whether a website uses WordPress, let alone which version it runs. It\u2019s quite simple &#8211; they begin scanning websites on a random basis, checking whether the target websites are vulnerable to particular attacks. <strong>Vulnerable websites are flagged and then attacked.<\/strong> Of course, if the target sites are vulnerable to particular WordPress or plugin vulnerabilities, that means such sites are running an older WordPress core version, or that there is a vulnerable plugin installed.<\/p>\n\n\n\n<p>As we just mentioned, in such attack types, malicious hackers <strong>do not target only specific websites<\/strong>, and thus hiding your WordPress version will not protect you from the attacks.<\/p>\n\n\n\n<p>The best ways to protect your WordPress website or blog from this particular attack type are:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Making sure that your site is <a href=\"https:\/\/www.fastcomet.com\/blog\/always-use-latest-version-wordpress\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"always using the latest versions of WordPress (opens in a new tab)\">always using the latest versions of WordPress<\/a>, plugins, and themes;<\/li><li>Deleting unused\/disabled plugins and themes, as well as other files containing code snippets;<\/li><li>Checking whether a plugin or theme is vulnerable before installing it.<\/li><\/ul>\n\n\n\n<h3 data-role=\"contents-nav-item\" id=\"guessing-wp-credentials\">Guessing WordPress Credentials<\/h3>\n\n\n\n<p>The other popular attack on WordPress among malicious hackers is <strong>guessing the WordPress credentials<\/strong> (also referred to as <a 
href=\"https:\/\/www.fastcomet.com\/blog\/protect-your-wordpress-website-from-brute-force-attacks\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">brute force attacks<\/a>). During this kind of automated attack, the tools used by malicious hackers scan an extensive number of websites to:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Check whether a site has a <code>\/wp-admin\/<\/code> directory (WordPress dashboard)<\/li><li>Try logging in by using common WordPress usernames and passwords (\u201cadmin\u201d and \u201cpassword\u201d).<\/li><\/ul>\n\n\n\n<p>As with the previous method, the attackers here do not specifically check for or target WordPress sites. They just launch their tools to start <strong>scanning on a random basis<\/strong>. The websites responding positively to the tool\u2019s requests are certainly WordPress sites. They will be attacked, and <strong>when the credentials are guessed<\/strong>, such websites are going to be <strong>further attacked<\/strong>.<\/p>\n\n\n\n<p>In order to make sure your WordPress blog or site is protected against brute force attacks, <strong>always use non-default (strong) credentials<\/strong>. For example, avoid using the default \u201cadmin\u201d as your username and use a random password generator &#8211; they create strong passwords and are available as free tools on the web.<\/p>\n\n\n\n<div class=\"alert alert-info mb-5\"><p>A strong password consists of at least eight characters that don\u2019t create a dictionary word. 
Such passwords contain a good mixture of uppercase and lowercase letters, special characters, and numbers.<\/p><\/div>\n\n\n\n<p>You can also use two-factor authentication (2FA) on WordPress via a plugin like <a rel=\"noreferrer noopener\" aria-label=\"Google Authenticator (opens in a new tab)\" href=\"https:\/\/wordpress.org\/plugins\/google-authenticator\/\" target=\"_blank\">Google Authenticator<\/a>, or <strong>protect your login page with HTTP authentication<\/strong>. It strengthens the security of the WordPress login and further protects your WordPress installation from brute force attacks.<\/p>\n\n\n\n<h2 data-role=\"contents-nav-item\" id=\"many-recommend-hiding-wordpress-version\">Why do Many Recommend Hiding your WordPress Version?<\/h2>\n\n\n\n<p>This idea originated from the web security application industry as a type of false advertising. Because there are a lot of organizations unable to always provide their product for the latest WordPress versions, they often suggest that hiding your WordPress version is a good security method. 
It can work in a few isolated cases, but as we already explained, nowadays, <strong>most of the time, attacks are automated<\/strong>.&nbsp;<\/p>\n\n\n\n<p>With the security tools that are currently available, most of which are free, even <strong>non-seasoned hackers can identify the CMS<\/strong> of a website and its version within minutes.<\/p>\n\n\n\n<h2 data-role=\"contents-nav-item\" id=\"not-the-solution\">Conclusion: Hiding your WordPress Version is Not a Solution Against Hackers<\/h2>\n\n\n\n<p>After taking a look into the WordPress attacks that are currently trending, one can quickly come to the conclusion that <strong>hiding their WordPress version won\u2019t improve the security<\/strong> of their website against malicious hackers.<\/p>\n\n\n\n<p>Even when there is a targeted attack, there are plenty of tools that can identify a site\u2019s WordPress version, in addition to the theme and plugins it is using. So, once again, your solution for the best possible security is to <strong>always update everything you are using<\/strong>, and remove everything that you are not. Otherwise, your WordPress site can potentially be a victim of malicious attacks.<\/p>\n\n\n\n<p>Feel free to <strong>comment in the section below<\/strong>. We would be happy to answer any questions and to hear opinions on the matter of WordPress security.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There is a security tip that can be seen often on the Internet. Articles and tutorials about WordPress security tend to say that hiding your WordPress version enhances the security of your website. 
In fact, you can even find that most security plugins also promote hiding your WordPress installation version and obscuring it.<\/p>\n","protected":false},"author":13,"featured_media":4446,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[140,256],"tags":[9,280],"class_list":["post-4539","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-wordpress","tag-security","tag-wordpress-version"],"featured_image_src":"https:\/\/www.fastcomet.com\/blog\/wp-content\/uploads\/2019\/09\/hide-the-version-of-wordpress.png","author_info":{"display_name":"Joseph","author_link":"https:\/\/www.fastcomet.com\/blog\/author\/joseph"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Hide your WordPress Version to Improve Security - Yes or No?<\/title>\n<meta name=\"description\" content=\"Does it really matter if you hide your WordPress version? Learn why securing WordPress and obscuring the fact that you\u2019re using it are two totally different things.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fastcomet.com\/blog\/hide-wordpress-version-or-not\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hide your WordPress Version to Improve Security - Yes or No?\" \/>\n<meta property=\"og:description\" content=\"Does it really matter if you hide your WordPress version? 
Learn why securing WordPress and obscuring the fact that you\u2019re using it are two totally different things.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fastcomet.com\/blog\/hide-wordpress-version-or-not\" \/>\n<meta property=\"og:site_name\" content=\"FastComet Blog\" \/>\n<meta property=\"article:published_time\" content=\"2019-10-10T11:34:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-06-09T20:02:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.fastcomet.com\/blog\/wp-content\/uploads\/2019\/09\/hide-the-version-of-wordpress.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"620\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Joseph\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Joseph\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hide your WordPress Version to Improve Security - Yes or No?","description":"Does it really matter if you hide your WordPress version? Learn why securing WordPress and obscuring the fact that you\u2019re using it are two totally different things.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fastcomet.com\/blog\/hide-wordpress-version-or-not","og_locale":"en_US","og_type":"article","og_title":"Hide your WordPress Version to Improve Security - Yes or No?","og_description":"Does it really matter if you hide your WordPress version? 
Learn why securing WordPress and obscuring the fact that you\u2019re using it are two totally different things.","og_url":"https:\/\/www.fastcomet.com\/blog\/hide-wordpress-version-or-not","og_site_name":"FastComet Blog","article_published_time":"2019-10-10T11:34:12+00:00","article_modified_time":"2022-06-09T20:02:21+00:00","og_image":[{"width":1024,"height":620,"url":"https:\/\/www.fastcomet.com\/blog\/wp-content\/uploads\/2019\/09\/hide-the-version-of-wordpress.png","type":"image\/png"}],"author":"Joseph","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Joseph","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.fastcomet.com\/blog\/hide-wordpress-version-or-not","url":"https:\/\/www.fastcomet.com\/blog\/hide-wordpress-version-or-not","name":"Hide your WordPress Version to Improve Security - Yes or No?","isPartOf":{"@id":"https:\/\/www.fastcomet.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.fastcomet.com\/blog\/hide-wordpress-version-or-not#primaryimage"},"image":{"@id":"https:\/\/www.fastcomet.com\/blog\/hide-wordpress-version-or-not#primaryimage"},"thumbnailUrl":"https:\/\/www.fastcomet.com\/blog\/wp-content\/uploads\/2019\/09\/hide-the-version-of-wordpress.png","datePublished":"2019-10-10T11:34:12+00:00","dateModified":"2022-06-09T20:02:21+00:00","author":{"@id":"https:\/\/www.fastcomet.com\/blog\/#\/schema\/person\/4f2c9600f49c872b8d56996ee3b95035"},"description":"Does it really matter if you hide your WordPress version? 
Learn why securing WordPress and obscuring the fact that you\u2019re using it are two totally different things.","breadcrumb":{"@id":"https:\/\/www.fastcomet.com\/blog\/hide-wordpress-version-or-not#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fastcomet.com\/blog\/hide-wordpress-version-or-not"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fastcomet.com\/blog\/hide-wordpress-version-or-not#primaryimage","url":"https:\/\/www.fastcomet.com\/blog\/wp-content\/uploads\/2019\/09\/hide-the-version-of-wordpress.png","contentUrl":"https:\/\/www.fastcomet.com\/blog\/wp-content\/uploads\/2019\/09\/hide-the-version-of-wordpress.png","width":1024,"height":620,"caption":"Hide the Version of WordPress"},{"@type":"BreadcrumbList","@id":"https:\/\/www.fastcomet.com\/blog\/hide-wordpress-version-or-not#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fastcomet.com\/blog"},{"@type":"ListItem","position":2,"name":"WordPress Version: To Hide or Not to Hide?"}]},{"@type":"WebSite","@id":"https:\/\/www.fastcomet.com\/blog\/#website","url":"https:\/\/www.fastcomet.com\/blog\/","name":"FastComet Blog","description":"FastComet Web Hosting 
Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fastcomet.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.fastcomet.com\/blog\/#\/schema\/person\/4f2c9600f49c872b8d56996ee3b95035","name":"Joseph","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fastcomet.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/1aa84dc2a6398ed73c957bd1de58806d12d44e2956744ed1ae9b435d57822ab7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1aa84dc2a6398ed73c957bd1de58806d12d44e2956744ed1ae9b435d57822ab7?s=96&d=mm&r=g","caption":"Joseph"},"description":"Joseph is part of the FastComet Marketing team. With years of content writing experience behind him, it's one of his favorite activities. Joseph takes part in the SEO of the FastComet website and blog. His goal is to write comprehensive posts and guides, always aiming to help our clients with essential information. 
Joseph also has a thirst for knowledge and improvement, which makes the hosting environment a perfect place for him.","sameAs":["https:\/\/www.fastcomet.com\/"],"url":"https:\/\/www.fastcomet.com\/blog\/author\/joseph"}]}},"_links":{"self":[{"href":"https:\/\/www.fastcomet.com\/blog\/wp-json\/wp\/v2\/posts\/4539","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.fastcomet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fastcomet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fastcomet.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fastcomet.com\/blog\/wp-json\/wp\/v2\/comments?post=4539"}],"version-history":[{"count":10,"href":"https:\/\/www.fastcomet.com\/blog\/wp-json\/wp\/v2\/posts\/4539\/revisions"}],"predecessor-version":[{"id":4549,"href":"https:\/\/www.fastcomet.com\/blog\/wp-json\/wp\/v2\/posts\/4539\/revisions\/4549"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.fastcomet.com\/blog\/wp-json\/wp\/v2\/media\/4446"}],"wp:attachment":[{"href":"https:\/\/www.fastcomet.com\/blog\/wp-json\/wp\/v2\/media?parent=4539"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fastcomet.com\/blog\/wp-json\/wp\/v2\/categories?post=4539"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fastcomet.com\/blog\/wp-json\/wp\/v2\/tags?post=4539"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}