Software such as Nikto looks for files such as readme.html and license.txt to identify wordpress.
+ /readme.html: This WordPress file reveals the installed version.
+ OSVDB-3092: /license.txt: License file found may identify site software.
The readme.html is an obvious target because it contains the version number of the wordpress install.
Sure I could rename them to obscure them, but what’s the point of a “secure” plugin when it doesn’t even cover the basics?
Sure I could delete these files, but what I want to keep them for my reference?
Plus it’s likely that they will be restored when WordPress updates itself.
- The topic ‘[Plugin: Secure WordPress] Insecure: readme.html/license.txt’ is closed to new replies.