How to Check WordPress Version Easily in Different Ways

Total
0
Shares
detect WordPress version

How can you determine the WordPress version of a site without accessing the CMS Backend? The most reliable method is to log in to the “wp-admin” area and check under “Updates”. However, this access may not always be available. You might want to check the WordPress version of a site for various reasons. Here are a few.

  • A new potential client has contacted you, and you want to know how well their site has been maintained by checking the WordPress version.
  • You’re trying to diagnose server errors and want to see if an old WP version might be the cause.
  • You’ve encountered something that hasn’t been seen before and want to know if it’s related to a new WordPress version.
  • Or, nefariously, you ought to find sites with outdated WordPress versions that can be exploited.
  • At WPArena, we want to know the WordPress version to include in the free WordPress site scan reports we will soon provide.

WordPress Version Stats

Some charts on the WordPress Statistics page show what systems people are running WordPress on.

(You’ll need JavaScript enabled to see them.)

Stats-–-WordPress-org
WordPress Version Stats
VersionUsage
6.455.03%
6.39.64%
6.26.18%
6.14.89%
6.03.09%
5.92.12%
5.82.51%
5.71.79%
5.61.21%
5.51.66%
5.41.80%
5.31.38%
5.21.32%
5.10.80%

Different Ways To Check WordPress Version

check WordPress Version

We’ve discovered five effective methods to detect the WordPress version of a website. While they are not foolproof, each method is reliable. They are listed below in ascending order of complexity:

  1. Readme file

    The quickest and easiest way to detect the WordPress version is to look at the readme.html file, which is automatically installed at the root of a WordPress site, e.g., https://wparena.com/readme.html.

  2. Feed generator tag

    If you can’t access the readme.html file (and it’s blocked by the more security-conscious hosting providers like WP Engine for that reason), your next bet is to look at the source of the site’s RSS feed – this is always found at www.wparena.com/feed/. Often, the feed’s source XML will include a <generator> tag, which will give you the version as a ?v=x.x variable – as depicted above.

  3. Generator tag in HTML source

    Sometimes, you can look at the HTML source of the page to find a generator tag like: <meta name="generator" content="WordPress 4.8.1" /> – but this is very much theme-specific, so you’re safer looking in the feed first.

  4. The version of the included files in the HTML source

    This method is a good one to check the WordPress version as well. Look at the HTML source of a site’s homepage, and there will nearly always be some script includes; a common one is a comment-reply file, which will look like this: Note the ?ver=4.8.1 at the end of the script source. When added correctly by a theme, a version of the included file is always appended to the end of the file source URL. The current WordPress version is used by default if no version is specified. You’ll often find other version numbers, but the “comment-reply.js” is usually just the WP version.

  5. An MD5 hash of publically accessible files

    MD5 Hash is by far the most complex tactic but sometimes necessary. As web software, WordPress must make at least some of its files available to browsers (stylesheets, JavaScript files, etc.), for example, the comment-reply script above. As WordPress evolves, over time, many of these files are updated. By performing an MD5 hash of the various publicly accessible files for different versions, it’s possible to deduce which version (or at least the range of versions) a WP site uses. E.g., if one downloaded your site’s comment-reply.js file, they can generate the MD5 Hash of the file (a unique fingerprint of a particular file) and then compare that to a library of known hashes for various WP versions.

To perform these checks, go to the readme.html file for the easiest way to get a result. WPArena connects WordPress sites, themes, users, professionals, and industry benchmarks to create a unique database and network that maps the real world of WordPress. Some crawlers scan hundreds of thousands of WordPress sites, analyze and report on each one, and use the data connections between them to provide new insights into the WordPress ecosystem. There are also various WordPress version detection tools available in the market that can be easily found by searching terms like “WordPress version checker,” “Check WordPress Version,” or “detect WordPress version” online. These WordPress version checker tools offer many features and benefits.

  • a free WordPress site scanner
  • a dashboard to track and monitor your WordPress sites
  • a directory of WordPress professionals
  • a unique theme explorer
  • and many more.

Please let us know in the comments below if you know anything better to check the WordPress version.

FAQs: WordPress Version Check

How can I check my WordPress version?

You can check your WordPress version by logging into your WordPress dashboard and navigating to the Updates section.

How to check WordPress version programmatically?

You can check the WordPress version programmatically by adding the following code to your theme’s functions.php file:

“`php
function get_wordpress_version() {
global $wp_version;
return $wp_version;
}

$wordpress_version = get_wordpress_version();
“`

After adding this code, you can retrieve the WordPress version by calling the `$wordpress_version` variable.

13 comments
  1. Thanks for pointing out method five.

    I wasn’t aware of that.

    I usually hide the version information, could you please share any ideas about to avoid recognition with md5 hash?

    1. Hi Maxi,

      Thanks for the comment. I know that Sucuri use this method too.

      I don’t think there’s an easy way to do prevent MD5 hashing – if you can download the file, you can hash it.

      If you were really concerned to prevent this, you would have to change the contents of the files – one extra character will do. You could either just do this manually to commonly-used files like comment-reply.js or you could use a compiling script to take your source dev files and put them into a distributable build which automatically inserts random numbers or comments into files.

      Hope that’s helpful.

      – David

      1. If you want to avoid md5 fingerprinting you need to alter the files, you could for example edit the files to add whitespace, or change their content. Even a minor change (eg add a blank comment line) will change the md5 hash completely.

        You could probably even use mod_ext_filter to automate that, but just cat-ing lines containing a whitespace character to the end of every static file, like .js .css, would probably do the trick.

    1. Hi @imagemaskinguk:disqus – it’s not on all WP sites – like anything else it depends on the theme – but we’ve found it on enough sites to make it worth checking for.

  2. It never occurred to me that you can hash files to detect the version number. But, that’s neat. Thanks for sharing.

  3. Do you know of a md5 hash test library? that has the hashes of the main files already calculated. I have a Magento version but nothing for WordPress.

  4. wp-includes/version.php is a pretty good and straight-forward way to find out the version.
    $wp_version is defined there.
    I was not able to extract the version from the readme.html page in the documt root.

Leave a Reply to Vamsi Krishna Cancel reply

Your email address will not be published. Required fields are marked *

Sign Up for Our Newsletters

Get notified of the best deals on our WordPress themes.

You May Also Like