Support » Fixing WordPress » Plugins and Content Revealed in Page Source

  • Hi guys, I’ve just installed and configured a WordPress 2.7.1 website and, after setting it up, I started securing the pages.

    Unfortunately I discovered that most content, count here settings and plugin configuration, is directly accessible through the Page Source function of most browser.

    While I known it’s impossible to hide page source, I am wondering, can I still hide some of the content appearing in the source? At least plugins and some features…

Viewing 7 replies - 1 through 7 (of 7 total)
  • Moderator Samuel Wood (Otto)

    (@otto42) Admin

    What is it exactly that you’re trying to “hide”? Your question is a bit confusing.

    Thanks for replying.

    Here’s what I mean: when I visit the website I created with WordPress, the homepage source reveals all the plugins integrated into the website, such as the RSS news ticker and the poll. But more importantly, it shows all settings I made for these plugins, including RSS feeds for the news ticker and voting options for the poll.

    In addition, the source shows lots of details regarding the theme I’m using, including images and a bunch of other files.

    I searched the web and I saw there are a lot of websites featuring all kinds of plugins and some of them are just displaying a simple page source with no plugin or theme details.

    Moderator Samuel Wood (Otto)

    (@otto42) Admin

    Again, I’m not really following you. What details are you seeing? Because that doesn’t make a whole lot of sense to me. The source of the page only contains the stuff needed to make the page display.

    Perhaps if you gave a link and pointed out specifically what you’re seeing, I’d understand it better.

    Here’s a photo showing you what I mean (see the WP-Polls settings):

    Is it possible to remove/hide those lines?

    I blurred the IP for security reasons, hope you don’t mind 🙂 Also ignore that popup window, freaking Winamp 🙂

    Moderator Samuel Wood (Otto)

    (@otto42) Admin

    Is it possible to remove/hide those lines?

    Well, no. The wp-polls plugin does its thing via javascript, so that is actual code necessary to do what you want it to do. You can’t hide it because the browser needs to see it in order to run the code there.

    HTML and Javascript is passed straight to the browser, so it will always be available via the source, you can’t hide that…

    If you want particular stuff hidden away, then store it in PHP, which only gives the user the output data…

    I’ll give you an example…

    $myexamplevar = 'this is some text';
    echo $myexamplevar;

    Only thing the user will see is… “this is some text”

    Most of the time in order to give a user content you must pass the code to the browser, without that you’re going to have a very empty page…. with exception to pieces like above…

    PHP comments are also not passed to the browser, unlike HTML comments..

    Please don’t be confused into thinking you can just go and store all your code inside PHP, that wasn’t the point of the example… Just to be clear…

    From a security perspective, if you’re worried about people seeing what plugins you’re using you should know that the vast majority of hacks are carried out by automated scripts (bots) that scan the web looking for vulnerabilities – not by someone physically going to your site and viewing source to see what you’re running.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Plugins and Content Revealed in Page Source’ is closed to new replies.