By default WordPress appends the version or “ver” parameter to all CSS and JS files enqueued by the theme and plugins installed. That is mainly used by developers for remote tracking and identify what version of WordPress or plugin your site is running.
Well, in my own opinion I do not like that feature to be enabled by default because for beginners that don’t really know well how to secure their site from hackers. They are exposing important information that the bad guys may be able to use to exploit their site.
I have here two methods that you can use to get away with this vulnerability. You just have to add the code to your functions.php file.
Method 1: This method will remove the “ver” parameter from all of the enqueued CSS and Javascript files.
// removes version parameter from any enqueued scripts and stylesheets
function os_remove_wp_ver_css_js( $src ) {
if ( strpos( $src, 'ver=' ) )
$src = remove_query_arg( 'ver', $src );
return $src;
}
add_filter( 'style_loader_src', 'os_remove_wp_ver_css_js', 9999 );
add_filter( 'script_loader_src', 'os_remove_wp_ver_css_js', 9999 );
Method 2: This method will only remove the "ver" parameter if it matches the version of the currently installed WordPress core.
// removes WP version paramater from any mathching version
function os_remove_wp_ver_css_js( $src ) {
if ( strpos( $src, 'ver=' . get_bloginfo( 'version' ) ) )
$src = remove_query_arg( 'ver', $src );
return $src;
}
add_filter( 'style_loader_src', 'os_remove_wp_ver_css_js', 9999 );
add_filter( 'script_loader_src', 'os_remove_wp_ver_css_js', 9999 );
After adding any of the codes mentioned above, any version parameter related to your WordPress or plugin installation should already be removed. In my next post, I will also discuss how this version thing affects browser caching.
