Archive for the 'WordPress' Category

How to remove <meta name="generator" content="WordPress…" /> from <head> in a WP blog

Friday, September 26th, 2008

I met with the following interesting problem today:

Due to specific needs, I needed to remove from the HEAD part of one WordPress blog the following:

<meta name="generator" content="WordPress [version number]" />

The WP theme, in which I was making the changes, was the standard for WP Default Kubrick Theme. The WP version I was using was 2.6.2.

I was searching and searching inside the code of header.php — and did not find anything! Before, in every WP theme, in header.php, usually the following code was present:

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /><!-- leave this for stats -->

Now, I wasn’t able to find it…

I tried also global search inside all of the files of this theme, and again, with total un-success. Finally, I tried the last possible option — Google Seach…

…And have found it! :-)

In short: if you want to hide from the HTML code "<meta name="generator" content="WordPress ..." />, as well as the exact WP version you are using, all you need to do is (in case that you don’t find the code inside header.php — for example, in WP up to version 2.3.3, the code was usually there):

1) Locate and open with a text code editor the file functions.php inside the theme directory — for example, if you are using the Default Theme, the functions.php will be in wp-content/themes/default/functions.php.
2) Add inside it the following code:
remove_action('wp_head', 'wp_generator');
3) Save the file functions.php and upload it back to the server.

That’s it! Automagically, the code, which shows that you are using WordPress, as well as the exact version of it, will disappear from the HTML source! :-)

WordPress 2.3.3 is not safe anymore – upgrade NOW! (link injection vulnerability)

Tuesday, June 3rd, 2008

A few days ago I was recommending to people not to upgrade to version 2.5 of WordPress, because at the time I believed WP 2.3.3 to be as stable and safe as the new 2.5 series. Besides, I liked (and still like) the old, ‘classic’, 2.3.x admin interface much more…

OK, I must take my words back and confirm that WordPress 2.3.3, the last stable release before the new WordPress 2.5 branch was released, is not safe anymore, and you can become a victim of the link injection hack (vulnerability).

What happened?

In one of the blogs, which I support (luckily, not my personal blog, which I have upgraded to 2.5/2.5.1 long ago), I have found ‘hidden’ links (code: <u style="display: none">[ bunch of spam links inserted here ]</u>) in one of the regular posts there.


WordPress 2.5: Give me back part of the 2.3 Classic interface, please!

Saturday, April 5th, 2008

Yesterday I made an upgrade from WP 2.3.3 to WP 2.5 (with full backup of MySQL database and files before that, of course). Looks like everything works fine:)

First, about the good things in WP 2.5:

  1. Editing tags is now built-in feature, which is great;
  2. A better visual editor (Rich Text Editor) — I don’t use it, but they claim it’s better;
  3. Fixed an old bug, which didn’t allow you to specify a directory for uploading files, which is one or more levels higher than the current WP directory (I just had to dig in deep, just to find that you have to fill correctly both fields in Settings → Misc [“Store uploads in this folder…” & “Full URL path to files (optional)…”], or this won’t work);
  4. A better Image Uploader;
  5. Possibility to automatically update plugins, with just one click (nice!).

There a lot of others, but these I noticed at first glance.

And now some rant from my part:


[ is the virtual home of Web & graphic designer Michel Bozgounov | powered by WP & hosted by DreamHost | also available in български ]

0.560 / 27 / 23