Hi @poopertropper,
Is there any reason to print out the version information?
The version number is there mostly for debugging purposes.
If someone really, really wanted to find out which version of any plugin you have installed on your site, they can still navigate to https://www.example.com/wp-content/plugins/plugin-name/readme.txt and they’ll instantly get all the information they need from said plugin. A similar approach can be taken to determine the version number of your current theme.
The best thing anyone can do to keep attackers out is by making sure you’re running the latest version of everything: themes, plugins, WordPress core, PHP, MySQL, server’s OS, et cetera. (and even that way, they might still find a way in, so constant monitoring is a must.)
WPP is open source and its code can be found on Github. If you ever find a security vulnerability, please make sure to let me know and I’ll look into it as soon as possible.
I totally understand that, but unfortunately it is a requirement of the business to not allow any version information to leak into the publicly view-able HTML.
Our theme is 100% custom and we’re able to remove wordpress version information with a simple hook, so I was hoping something else like this was available through WPP. However I totally understand your point of view and thank you for the feedback. I suppose we will just have to build our own popular post plugin for the time being. Thanks again!
Don’t mention it, @poopertropper.
Our theme is 100% custom and we’re able to remove wordpress version information with a simple hook, so I was hoping something else like this was available through WPP.
Well, there may be a workaround.
I’m not 100% sure as I’m not near my computer right now, but I recall noticing that when hooking either into wpp_custom_html or wpp_post (don’t remember which one) the plugin wasn’t including the version number in the HTML output. I don’t remember if I ever fixed that or not, so you might want to give it a shot.
I may add a simple check for WP_DEBUG, and if it’s enabled then all that info (version number, console.log messages, etc) will be available. Otherwise, well, it won’t be 😛
Sounds fair enough?
There you go, @poopertropper! You can either use the Github version of the plugin now or wait for a couple of weeks to get the official update.