Your WordPress version might not be the most glamorous aspect of your WordPress website. But, from a security standpoint, it’s one of the most important things to keep track of.
If your website is out-of-date and vulnerable to attacks, you could lose your customers’ trust and, eventually, their business. That’s why it’s critical to consistently check your version of WordPress.
In this post, we’ll show you five different ways to view the version number of your WordPress installation and ensure your WordPress site is secure, safe, and functional.
Table of Contents:
- The Importance of Checking Your Version of WordPress
- How to Check Your WordPress Version
- Which version of WordPress should I have?
- Why check the version of your WordPress?
- How to Remove Version Info From WordPress
The Importance of Checking Your Version of WordPress
Checking your version of WordPress is essential to keep your and your customers’ information safe. WordPress has several well-known security vulnerabilities that can be easily prevented by updating your WordPress version.
How? WordPress frequently releases security updates to patch vulnerabilities that cybercriminals love to exploit. Each new release details problems that were found and fixed in the update. Therefore, it’s crucial to make sure your current WordPress version is up-to-date at all times. Otherwise, your site may become one of the tens of thousands of websites hacked every day.
On top of security fixes, WordPress updates also improve page speed and website performance, which are critical to engaging and retaining visitors. Plus, an outdated WordPress version can cause compatibility issues with themes and plugins.
If you fail to consistently update your core installation and your add-ons, you could break your site.
How to Check Your WordPress Version
- Check your WordPress administrator dashboard.
- Search the web page source code.
- Search the website RSS feed.
- Check version.php via cPanel or FTP.
- Check the readme.html file.
Ready to check your WordPress version? Try the methods below.
1. Check your WordPress administrator dashboard.
If you have administrator dashboard access, there are several ways to quickly check your version in the WordPress back-end.
First, in the Dashboard view, check under the At a Glance widget. Within this box are your WordPress version and active theme.
Alternatively, simply scroll to the bottom of this page or any page in your admin view. In later WordPress versions, you’ll see the version number in the bottom right corner.
If the At a Glance widget is disabled, you can also check your version under Dashboard > Updates. On this page, you’ll be told whether you have the latest version of WordPress or if you need to update.
Finally, you can view your WordPress version in About WordPress. Hover over the WordPress icon in the top left corner and choose About WordPress. This page details your WordPress version, including new features and contributor credits.
These all work well for admins. But, what if you’re not an administrator? Below are several alternative methods to check the version of your website without accessing the dashboard.
2. Search the web page source code.
The next way to locate your WordPress version is by peeking at the source code. On Chrome, pull up your website, then right-click anywhere in the window and choose View Page Source.
This displays the page’s underlying HTML in the browser.
Next, use your browser’s search function (likely control-F on Windows or command-F on macOS) and search for the word “generator.” If it hasn’t been disabled by the site administrator, you’ll see the following meta tag:
<meta name="generator" content="WordPress 5.8.2" />
This tag signals that the website is built with WordPress CMS, and includes the version number in the content attribute. In the example above, the version is WordPress 5.8.2.
However, there’s a chance this technique won’t work since many WordPress websites use security plugins to hide this tag from public view, preventing hackers from detecting outdated pages.
If so, search the page source for the code “ver=”. You’ll probably see several search results for this code, so look only inside the tags that begin with link rel='stylesheet'. The numbers after ver= indicatethe active WordPress version.
3. Search the website RSS feed.
All WordPress websites produce several RSS feeds, and you can try looking here for the version number as well. To view a WordPress site’s main RSS feed, paste “/feed” at the end of the website’s URL:
websitename.com/feed
This displays the XML code for the RSS feed in your browser. With the feed open, search for “generator."
If tags with this attribute haven’t been hidden by the administrator, you’ll see your WordPress version. It should look as follows:
<generator> https://wordpress.org/?v=5.8.2 </generator>
4. Check your version.php file via cPanel or FTP.
The version.php file in WordPress contains the version of its respective WordPress site. This is a more accurate indicator than viewing source code since this number isn’t affected by the active theme or plugins. However, version.php can’t be opened through the front end, so you’ll need to access your server files with a file manager or through a File Transfer Protocol (FTP) connection.
Many hosting providers use cPanel as the default file manager. If this is true for your host, log into your hosting account, navigate to your cPanel dashboard, and select File Manager.
Note: On BlueHost, you’ll find your file manager under the “Advanced” options.
Once you’ve reached the file view, open the directory where WordPress is installed (typically public_html), then open a folder called wp-includes.
You should see your version.php file inside this folder. Open version.php in a text editor and run a search for the code “$wp_version =”. The number that follows this code is the active WordPress version.
If you prefer to access server files via FTP, use an FTP client to connect to your server to view your website’s folders and files. Then take the same steps as above.
5. Check the readme.html file.
If none of the previous techniques work, you can try one last-ditch method: accessing the readme.html file. This will only work on outdated versions of WordPress — the most recent versions have removed the version number from readme.html.
To open this file in your browser, place “/readme.html” at the end of a site’s URL:
websitename.com/readme.html
If your site is outdated, you’ll see the WordPress version at the top of the file.
Which Version of WordPress Should I Have?
You should always have the most recent version of WordPress. If your website is not on the most recent version, update it immediately.
Because WordPress launches multiple updates every year, you’ll want to double-check that you’re on the latest one. If you’ve enabled automatic updates, WordPress sends email notifications:
Look in your email to ensure you haven’t received an email of that sort recently. It’s always a good idea to stay on top of your WordPress updates and know which version your website is currently running. This helps protect your site from cyberattacks and cover up security vulnerabilities, and it also improves the efficiency of your code to aid performance.
Why should you check your WordPress version?
As someone who values cybersecurity and website design, you recognize that a strong defense is paramount to safeguarding your digital assets. Checking your WordPress version isn't just a mundane chore; it's a critical aspect of maintaining a secure online presence. Here's why:
1. Security is paramount.
WordPress, despite its popularity, can be vulnerable to cyberattacks. The WordPress team regularly releases security updates to address these vulnerabilities. By checking and updating your WordPress version, you patch potential security holes, reducing the risk of breaches and data loss.
2. Performance and compatibility.
Beyond security, updating your WordPress version enhances website performance and user experience. With each update, you gain access to new features, optimizations, and compatibility improvements. A website that loads quickly and functions seamlessly is more likely to engage and retain visitors.
3. Protect user trust.
A compromised website erodes user trust. If your site falls victim to a cyberattack due to outdated software, it not only jeopardizes user data but also damages your reputation. Demonstrating your commitment to security builds confidence in your brand.
How to Remove Version Info From WordPress
Sometimes, displaying your WordPress version can inadvertently expose your site to potential risks. Here's how to remove this information.
1. Install a security plugin.
Choose a reputable security plugin such as "All In One WP Security & Firewall" or "Wordfence Security." These plugins often offer options to hide your WordPress version.
2. Access plugin settings.
After installing the plugin, navigate to its settings in your WordPress dashboard. Look for options related to "Security" or "Miscellaneous."
3. Locate version information.
Within the plugin's settings, find the option to hide your WordPress version. This might involve toggling a switch or selecting a checkbox.
4. Save changes.
Make sure to save your changes after hiding the version information. The plugin will handle the rest, ensuring that your WordPress version remains hidden from public view.
Keep your WordPress up to date.
Lastly, remember that the same is true for plugins and themes — outdated WordPress add-ons are among the most common entry points for WordPress hackers to access your private files. So yes, those little update notification icons in your admin panel might be annoying, but there’s good reasoning behind them.
Editor's note: This post was originally published in January 2021 and has been updated for comprehensiveness.