How do you find out what version of WordPress a site is running if you don’t have access to the CMS? Of course, the most reliable way of finding the version of a WordPress site is to log into the CMS and look under ‘Updates’! But we don’t always have that luxury. There are plenty of reasons (both legitimate and nefarious) why you would want to do this:
- You’ve been contacted by a new potential client and you want to get an idea for how well their site has been maintained
- You’re trying to diagnose server errors and want to see if an old WP version might be the cause
- You’ve come across something you haven’t seen before and want to see if it’s related to a new WP version
- Or, nefariously you might want to find sites with out of date WP installations that can be exploited
- At wp.io, we want to find out the version to include in the free WordPress site scan reports we provide (e.g. http://wp.io/site-report/www-pragmatic-web-co-uk-5-22/)
WordPress Version Stats
Here are on WordPress Statistics page some charts showing what sorts of systems people are running WordPress on.
We’ve found five neat ways of determining the version of a site. They don’t all work all the time but it’s rare that none will work. Here they are, in ascending order of difficulty:
The quickest and easiest way is just to look at the readme.html file which is automatically installed at the root of a WordPress site, e.g. http://wp.io/readme.html
Feed generator tag
If you can’t access the readme file (and it’s blocked by the more security-conscious hosting providers like WP Engine for that very reason), your next bet is to look at the source of the site’s RSS feed – this is always found at www.yoursite.com/feed/ – e.g. www.pragmatic-web.co.uk/feed/. Often, the feed’s source XML will include a
<generator>tag which will give you the version as a ?v=x.x variable – as depicted above.
Generator tag in HTML source
Sometimes, you can just look at the HTML source of the page to find a generator tag like:
<meta name="generator" content="WordPress 4.3" />– but this is very much theme-specific so you’re safer looking in the feed first.
Version of included files in HTML source
This is a good one too. Look in the HTML source of a site’s homepage and there will nearly always be some script includes, a common one is a comment-reply file, which will look like this: Note the
?ver=3.5at the end of the script source. When included correctly by a theme, a version of the included file is always appended to the end of the file source URL. If no version is specified, the current WordPress version is used by default. You’ll often find other version numbers ARE included, but the comment-reply is usually just the WP version.
MD5 hash of publically-accessible files
http://www.yoursite.com/wp-includes/js/comment-reply.min.jsthen they can generate the MD5 hash of the file (which is a unique fingerprint of a particular file) and then compare that to a library of known hashes for various WP versions.
The easiest way to perform all of these checks is just to head over to wp.io and run a free site report on any WordPress site you’re interested in! wp.io connects WordPress sites, themes, users, professionals and industry benchmarks to create a unique database and network that maps the real, live world of WordPress. wp.io’s crawlers scan hundreds of thousands of WordPress sites, analyze and report on each one and then use the data connections between them to provide brand new insights into the WordPress ecosystem. wp.io offers:
- a free WordPress site scanner
- a dashboard to track and monitor your WordPress sites
- a directory of WordPress professionals
- a unique theme explorer
If you know anything better, please let us know in the comments below.