Having the file readme.html available on a website tells a would-be hacker exactly what version of WordPress is being used. If someone hasn’t updated (say, for example, is still on 3.0 and not 3.0.1), a hacker then knows immediately what vulnerabilities there are.
You should delete this file. It could be changed into a readme.php file where the isAdmin() [or whatever it is] is checked but this reduces visibility for off-line folks.
This is the same reason why the version isn’t published on each webpage on a site.
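A local audit for the file discussed above, as an added example that is not part of the original post or of WordPress itself. The function names are hypothetical, and the parser assumes the readme carries a "Version X.Y[.Z]" line in its header.

```shell
#!/bin/sh
# Added example: find WordPress readme.html files under a web root, report
# the version each one discloses, and optionally delete them.
# Local filesystem check only; run it on a server you administer.

# Print the version string found in one readme.html, or nothing.
# Assumption: the header contains "Version X.Y" or "Version X.Y.Z".
wp_readme_version() {
    sed -n 's/.*Version \([0-9][0-9]*\(\.[0-9][0-9]*\)\{1,2\}\).*/\1/p' "$1" | head -n 1
}

# List every WordPress readme.html under a docroot as "path<TAB>version".
# A readme with no parsable version line is reported as "unknown".
audit_docroot() {
    find "$1" -type f -name 'readme.html' 2>/dev/null | while IFS= read -r f; do
        # Skip readme.html files that belong to something other than WordPress.
        grep -qi 'wordpress' "$f" || continue
        v=$(wp_readme_version "$f")
        printf '%s\t%s\n' "$f" "${v:-unknown}"
    done
}

# Remediation the post recommends: delete the file.
# Dry run by default; pass --delete as the second argument to remove files.
remediate_docroot() {
    audit_docroot "$1" | while IFS="$(printf '\t')" read -r f v; do
        if [ "${2:-}" = "--delete" ]; then
            rm -f -- "$f" && echo "removed $f (disclosed $v)"
        else
            echo "would remove $f (discloses $v)"
        fi
    done
}

# Stand-alone use: ./audit.sh /var/www   (the path is a placeholder)
if [ "$#" -gt 0 ]; then
    audit_docroot "$1"
fi
```

Core updates put readme.html back, so the check is worth repeating after each update.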