We recommend keeping them in for debugging purposes.
One way to remove it is to use an HTML minifier plugin which removes HTML comments automatically.
I do not understand the idea of using an extra plugin to fix a security flaw. I also do not understand the need to compromise security for debugging purposes. You debug on a test site and fully secure a production site as best practice. By your comments, am I to believe that this plugin is still in beta?
I do not understand the idea of using an extra plugin to fix a security flaw.
This isn’t a security flaw. Many other plugins, including WordPress core, do the same.
You asked how to remove it, that’s how. At some point we may add a hook to remove it.
I also do not understand the need to compromise security for debugging purposes.
Security by obscurity isn’t security.
You debug on a test site and fully secure a production site as best practice.
He’s referring to providing support to users and debugging their sites, not debugging the plugin itself as a development practice.
By your comments, am I to believe that this plugin is still in beta?
Nope.
I am thinking for security so when people don’t update in a timely manner they are less vulnerable.
Keep your plugins up to date.
This isn’t a security flaw. Many other plugins, including WordPress core, do the same
I remove that with code.
Security by obscurity isn’t security.
Maybe not, but every little bit helps.
He’s referring to providing support to users and debugging their sites
Ask them for the version number instead of just displaying it.
Keep your plugins up to date.
Obviously that is best practice, and most of us do. There are many sites that never get updated and the extra info delivered to the script kiddies makes it easier for them to compromise a site.
Here is the resolution…. I created a plugin to strip the offending information from my source. If anyone wants it, let me know. It is small and free.
