If you are running an old WordPress version with known vulnerabilities, it is unwise to display this information to the public. Why not simply hide the WordPress version entirely?
Add the following to functions.php
<?php function pixert_remove_version() { return ''; } add_filter('the_generator', 'pixert_remove_version'); ?>
or
<?php remove_action('wp_head', 'wp_generator'); ?>