Hello Stephen,
is the config link accessible even if you are not logged in to WordPress admin? I’m not sure what the page does exactly but it seems like anything to do with config should be behind login. If it is behind log in, nothing is really being exposed.
Thread Starter
Stephen
(@sboltonjr)
Hello
Sorry for the late response, I didn’t see a notification come through via email.
Yes anyone can access this link and can’t be blocked using wordfence because the tapatalk mobile app will not load the posts if it is blocked.
Here is a screenshot of what I’m seeing:
http://i.imgur.com/phWnIIy.jpg
Hello again Stephen,
no worries. I also seem to miss email notifications sometimes. Thanks for checking back in.
I think the only way to get rid of that exposure of the WordPress version is to ask Tapatalk to remove it. I am assuming some kind of authentication is used so you might want to ask them why they are not authenticating that request.
I will add that I don’t think it’s a huge security risk to expose your WordPress version as long as you are always keeping WordPress and all of your plugins up to date.
Thread Starter
Stephen
(@sboltonjr)
Yes, definitely updating when new WP versions release. Hoping they will see my thread at some point and do something about it, may just have to email them again.
I’m marking this as resolved for now since this isn’t exactly a WF issue, and should have been reported via email instead. Thanks.
