If you want to check the WordPress version of your website to:
- Know whether you’re using the latest version or not.
- Check the version of your client’s website without asking.
- Solve a special issue associated with the version.
- Conduct penetration testing.
Then I’ve got your back.
In this article, I’ll use a demo website to show you every single step.
Without wasting your precious time, let’s get started.
1. At a Glance
First, you need to sign into your WordPress website, generally attained by writing /login in at the end of your website name. It immediately prompts you to type your username and password.
The first window that appears— when you’ve successfully signed in— is your Dashboard and Home, and in the At a glance window, you can see the WordPress version you’re currently running.
2. Bottom of Home
No matter where you are in your website’s admin panel, the WordPress version is written at the bottom of the right corner of the screen.
Note: It doesn’t show the current version if you’re using an outdated version. Rather it forces you to get the latest version like this:
3. Updates Section
In the Updates section within Dashboard, you don’t only come to know about your version, but also it helps you to check whether you’re using the latest version or not.
Note: Like Way 3, it might also not be the perfect method to check since it doesn’t show the version you use if you have an outdated version. It shows an updated version of WordPress is available.
4. Source Code of Any Website
This is the best way to find out the WordPress version on any website, especially when you don’t own a WordPress website.
How does it work?
Right-click on any empty part of a website and click View Page Source.
Anything after the ?ver= is actually the version of WordPress, commonly found in the CSS files. Make sure you look for inside the wp-includes or wp-admin. Otherwise, WordPress reveals the plugin version as well.
Note: Some websites might be using security plugins to hide their WordPress version in CSS and other scripts. I also mentioned the way to hide the versions in the hide WordPress version.
5. RSS Feed
WordPress automatically generates RSS for every new website. It’s better to disable it since some people might use it to scrape your content and publish it elsewhere.
What is RSS actually?
RSS stands for “rich site summary.” In its heart, RSS describes text documents with content, images, and video.
Type /feed at the end of any website using WordPress. In the generator tag, you’ll find out the WordPress version.
Note: You might not find the WordPress version in the RSS feed on some websites due to the code they have placed to hide it. How do they hide it? I have shown the way how you can hide the version easily. Scroll down to learn more.
The majority of users use cPanel hosting due to its simplicity and affordability. Go to your cPanel and find out the WordPress icon found in 1 Click App Installer.
You’ll find all the WordPress websites along with their versions easily. It also helps to update your WordPress to the latest version, creates backups, and restores it.
7. cPanel Version.php
Some hosting companies don’t grant access to WordPress 1-Click Installer in order to get more clients for their managed-WordPress-hosting plans.
In that case, you can see the WordPress version from File Manager in Cpanel.
Locate the public_html folder where the first website is installed when you sign up for a new hosting plan.
Next, click the wp-includes folder.
Find the version.php with the help of a find feature. Press Ctrl+F in Windows and Control+F in Mac.
Right-click on version.php and click Edit.
Once the file is opened, you can clearly see the version of WordPress.
8. FTP Version.php
If you’re using cloud-based hosting like Digital Ocean, Vultr, and Lionade, you will not get cPanel with it—cPanel is pretty expensive.
But don’t worry, you can easily access your WordPress with the help of FTP.
Make sure you have installed the client version of FileZilla for your operating system.
Once installed, open it. Type the username, password, and host. FTP details are sent in your email when you create an account.
When you directly connect it, you won’t find anything. That’s why you need to put /var/www/html in the Remote site.
As soon as you type, you’ll see all the WordPress files immediately.
Now go to wp-includes and find out the version.php.
Click View/Edit; if any code editor is installed and made it default editor in FileZilla, it will show you like this.
9. Way: About
When you bring your cursor over the WordPress icon, found at the top of the left corner, you’ll see the following options:
- About WordPress
Click About WordPress.
A big text will show you the version you’re using.
10. Sucuri Checker
It’s the fastest way to check the WordPress version even if the owner has tried to hide the WordPress version with a simple plugin.
Go to Sucuri SiteCheck and type the website address, and hit enter.
It doesn’t only show the WordPress version being used but also scans your entire website for suspected and malicious files.
Why Should You Hide Your WordPress Version?
Did you know the most commonly hacked CMS in the world is WordPress?
It’s a universal phenomenon that anything that has the largest market share in the industry faces the most hacking issues due to its popularity.
According to Statista, Android is the most vulnerable operating system globally, followed by Linux, Mac, and Windows 10.
The same is the case with WordPress that accounts for 90% of the hacking attempts being the largest market share in the Content Management System (CMS). Hackers master the skills for specific platform to target most websites.
Did you know what the major reasons behind WordPress vulnerabilities are? The plugins, brute force, core, theme, and hosting.
The core of WordPress is the third most common reason for WordPress compromised websites.
Hackers find outdated websites with the help of source code search engines; for example, PublicWWW is used for finding specific code from the source code of websites on the internet.
Once old websites are found, hackers try to find vulnerabilities associated with the WordPress version.
Additionally, hackers easily find the documentation for hacking specific kinds of vulnerabilities on the internet. Besides, hackers find the version of a plugin and its vulnerabilities in order to hack your website. It’s highly recommended to keep your website updated.
The latest WordPress version makes it extremely easy to auto-update your plugins and themes on auto-pilot. It will update all the plugins and themes on your website, hackers will find it hard to compromise your website.
How to Hide WordPress Version
It has proven hiding the WordPress version is more important than anything else; otherwise, your website has a greater chance of being hacked.
There are two ways to hide the WordPress version: without a plugin and with a plugin.
1. Hide WordPress Version Without a Plugin
Experienced WordPress users understand the importance of running a website without a plugin.
Fewer plugins make maintenance easy, less vulnerable to hacking, and loads much faster.
But the problem is that it’s really time-consuming.
If you update the WordPress version, the settings might get removed and need to be implemented manually again.
Follow the below steps to hide WordPress manually:
Go to Appearance>Theme Editor>Theme Functions.
And paste the below line at the bottom of the function.php.
The above line removes the WordPress from here:
And don’t forget to add these lines as well:
You’ll not find the WordPress version in RSS.
The major issue with the above method is that they don’t hide the WordPress versions from scripts and CSS.
I have found a solution for them, as well.
Please copy the below code and paste it into function.php.
As you can see, the WordPress version has been removed successfully.
2. Hide WordPress Version With a Plugin
Some people are lazy; they want to use a plugin to avoid any potential loss. You can find plenty of WordPress plugins to hide the WordPress version.
I personally prefer to use a premium version due to the regular updates, and real hard work is put into making it.
If you are low on budget, you can use the free WordPress plugin, WP Hide & Security Enhancer by Nsp Code.
It perfectly hides your WordPress version, not only from the source code but also from the online WordPress detector.
It doesn’t matter whether you own the WordPress site or not; there is always a way to find the right WordPress version.
Hackers use the same methods to find vulnerabilities on any website; that’s why you should hide your WordPress version. Moreover, hackers have tools that can find millions of websites using the version and can easily hack them with a vulnerability found in that WordPress version of the theme, plugin, or core.
The fastest way to find the WordPress version is to put your website into a WordPress detector like Sucuri SiteCheck. And other better ways are source code and RSS feed methods.
Let us know if you know of any other method listed above; we’ll mention you in our article 🙂