How to check your WordPress version

Short answer: in the WordPress admin, scroll to the bottom of any page – the version shows in the footer on the right (“Version 6.x.x”). Or go to Dashboard > Updates and it is listed at the top.

That is the 90% answer. The rest of this guide covers the other four ways to check (including when you cannot log in), why the version matters, and how to update safely.

Five ways to check the version#

1. The admin footer

Log in to wp-admin and look at the bottom-right of any screen. WordPress prints “Version 6.x.x” there. Fastest method if you have admin access – note that any logged-in user can see this, not just Administrators (WordPress user roles and user management covers which roles see which admin screens).

2. Dashboard > Updates

From the admin, go to Dashboard > Updates. The current version appears at the top of the page along with any available updates. This is also where you trigger a core update.

3. wp-includes/version.php

If you cannot log in to the admin – the site is broken, credentials are lost, or you are investigating a site someone else runs – check the file directly over FTP or SSH:

grep wp_version wp-includes/version.php

The output looks like $wp_version = '6.4.2'; . This is the authoritative value – everything else in the admin reads from this file.

4. WP-CLI

If you have SSH access and WP-CLI installed:

wp core version

Useful when you are checking versions across many sites from the command line. You can also run wp core check-update to see what the latest release is and whether an update is available.

5. The page source (if not disabled)

Every WordPress site outputs a generator meta tag by default:

<meta name="generator" content="WordPress 6.4.2" />

View any public page’s source (right-click > View Page Source) and search for “generator”. This is how attackers fingerprint WordPress versions at scale – they scan millions of sites and flag anyone running a version with known vulnerabilities.

For that reason, disable the generator tag. Add this to your theme’s functions.php or a site-specific plugin:

remove_action('wp_head', 'wp_generator');

Same reasoning applies to readme.html in the WordPress root directory – it contains the version number and is accessible at yoursite.com/readme.html by default. Delete it, or block access via .htaccess or Nginx config. It comes back on every core update, so either automate the removal or accept that you need to clean it up after each update.

Why the version matters#

Two reasons:

Security. WordPress core regularly patches vulnerabilities. Running a version that is a few releases behind means you are exposed to known exploits that are already public. Running an actively unsupported version (currently anything before 6.0) means you get no security updates at all. The plugin vulnerability situation is even worse than core, but outdated core is still the first thing an attacker checks. If a compromise has already happened, the version you are on is one of the first diagnostic details – my WordPress site was hacked: what to do right now walks through the response.

Compatibility. Plugins and themes declare a “Tested up to” WordPress version. If your site is several major versions behind, new plugins may not install cleanly. If you are several versions ahead of what a plugin supports, the plugin may break in subtle ways. Knowing your version is step zero when a plugin author asks “what version are you running?”

The PHP version matters for the same reason – how to check your PHP version covers the companion check, and running WordPress on an unsupported PHP version is just as risky as running unsupported WordPress core.

How to update WordPress core#

Two common methods:

From the admin: go to Dashboard > Updates and click Update to version x.x.x. WordPress puts the site into maintenance mode for a few seconds while the update runs, then brings it back online.

With WP-CLI:

wp core update

This downloads and installs the latest version. Add --minor to restrict to minor versions only (patches), or --version=6.4.2 to pin to a specific release.

Before you update

• Back up first. Database and files. If the update breaks something – plugin incompatibility is the usual culprit – you want to roll back cleanly. Do not skip this step on a production site.
• Check plugin compatibility. For major version updates (6.x → 7.x when it ships), look at each plugin’s “Tested up to” version. Plugins that have not been updated recently are the ones that break after core updates.
• Update on staging first. If you have a staging environment, update there, run through the critical paths (login, checkout, form submission), and only then update production. On managed WordPress hosting, staging is usually included and core updates are handled automatically with rollback – much less risky than rolling your own.
• Read the release notes. Major releases occasionally change PHP requirements or remove deprecated features. Five minutes of reading saves an hour of debugging.

After you update

Check the site. Load the homepage, a post, the checkout (if you run WooCommerce), and the admin dashboard. Most problems surface immediately. If something is broken, deactivate plugins one by one – nine times out of ten, core update issues come from an outdated plugin. If the damage is worse than that, the backup you took in the previous step is how you recover – and if a compromised plugin let malware through during the update, you will want a clean baseline to restore from.

That is it – five ways to check, one clear answer on why it matters, and a workflow for updating without breaking the site.