=== Hide WP Version ===
Contributors: snehalpancholi
Tags: security, hide version, hardening, fingerprint, generator
Requires at least: 6.0
Tested up to: 6.7
Requires PHP: 8.1
Stable tag: 1.0.0
License: GPL-2.0+
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Remove WordPress version fingerprints that help attackers identify your platform version and target known vulnerabilities.

== Description ==

Hide WP Version removes multiple sources of WordPress version information from your site's output, making it harder for automated scanners to fingerprint your installation.

**Features:**

* Remove `<meta name="generator">` from HTML head
* Strip `?ver=` from all frontend CSS and JS URLs
* Remove WordPress version from RSS/Atom feed generator tags
* Block direct access to readme.html, readme.txt, and license.txt (returns 403)
* Replace specific login error messages with a single generic message
* Remove X-Powered-By HTTP header (hides PHP version)
* Remove RSD (Really Simple Discovery) link from head
* Remove Windows Live Writer manifest link from head
* Each feature can be independently enabled or disabled

== Installation ==

1. Upload the `hide-wp-version` folder to `/wp-content/plugins/`
2. Activate the plugin through the 'Plugins' menu
3. Go to Settings → Hide WP Version to configure individual features

== Frequently Asked Questions ==

= Will stripping asset versions break caching? =
Only on the frontend. Admin assets retain their version strings. Most caching configurations handle unversioned assets correctly.

= Does this replace a WAF? =
No. This is a fingerprint-reduction measure, not a firewall. Use it alongside a proper WAF or security plugin for defence in depth.

== Changelog ==

= 1.0.0 =
* Initial release.

== Upgrade Notice ==

= 1.0.0 =
Initial release.
