This is fairly primitive. The techniques used by tools like nmap to fingerprint operating systems were established in the early 90's by Comer, and they involve behavioral testing. You should assume that even if you modify <i>all</i> the files in your (say) Wordpress distribution, an attacker can still fingerprint it.
Very interesting research describing a simple way to detect which version a web app is running.<p>They just fingerprint a few css/js files, get their md5sums and create a list of them for each version...