• Hi Developers,

    When I try to remove the version numbers from my scripts and styles to protect my website, the visual composer stops working (when I need to create a page or post). This is simple code that does not break any other plugin besides yours. Can you please help me deal with this, because the security of my website is very important. This is the code I use below, thanks.

    ```php
    // Run the callback on every enqueued style and script URL.
    add_filter( 'style_loader_src', 'mydomain_remove_scripts_styles_src', 10, 2 );
    add_filter( 'script_loader_src', 'mydomain_remove_scripts_styles_src', 10, 2 );

    // Strip the 'ver' query argument from the asset URL.
    function mydomain_remove_scripts_styles_src( $src, $handle ) {
        $src = remove_query_arg( 'ver', $src );
        return $src;
    }
    ```

Viewing 1 replies (of 1 total)
  • Plugin Contributor Edgars V

    (@veidenbaums)

    Hi!

    Thank you for your feedback! It really means a lot to us!

    Before I get to your problem, I would like to clarify one thing: hiding the version from script and style srcs won’t make your site safer, because the versions of plugins, WordPress, and themes can still be easily detected inside multiple JS files. Even if you remove the versions from all JS files, it is still possible to compare the JS files, and the version will be detected.

    Just wanted to let you know this before we go further.

    Regarding your snippet: it removes the versions from style and script srcs. I tested it locally, and it also worked fine with our plugin. I could open the editor and create/edit pages. The downside is that this snippet can create some unwanted cache issues after plugin updates. So I would recommend not removing the version, but if you really want to hide it, then just replace it with a random string.

    Here is a sample snippet for that:

    
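    ```php
    // Run the callback on every enqueued script and style URL.
    add_filter('script_loader_src', 'mydomainUpdateScriptsStylesVer', 10, 2);
    add_filter('style_loader_src', 'mydomainUpdateScriptsStylesVer', 10, 2);

    function mydomainUpdateScriptsStylesVer($src, $handle)
    {
        // Query string of the asset URL; the cast turns a missing query into ''.
        $parsedSrc = (string) parse_url($src, PHP_URL_QUERY);
        // Drop the original 'ver' argument from the URL.
        $src = remove_query_arg('ver', $src);
        parse_str($parsedSrc, $queryArgs);
        if (isset($queryArgs['ver'])) {
            // Replace this with your own value.
            $salt = 'customSalt';
            // Short salted hash: still changes whenever the real version changes.
            $hashedVer = substr(sha1($queryArgs['ver'] . $salt), 0, 5);
            $src = add_query_arg(
                [
                    'ver' => $hashedVer,
                ],
                $src
            );
        }

        return $src;
    }
    ```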
    

    Once you update the $salt to your own custom value, nobody will know the version anymore 🙂

    If you’re still facing some issues, please let us know.

    • This reply was modified 3 years, 4 months ago by Edgars V. Reason: Updated code tags
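
Added example, not part of the thread or the plugin's code: a stand-alone PHP script (no WordPress needed) that applies the behaviour of the two snippets above to constructed URLs, to show the cache issue the reply mentions. The helper names and the example.test URLs are assumptions, and URL fragments are not handled.

```php
<?php
// Added example: strip_ver(), hash_ver() and the helpers are hypothetical names.

// Split a URL into the part before '?' and its parsed query arguments.
function split_src(string $src): array
{
    $parts = explode('?', $src, 2);
    parse_str($parts[1] ?? '', $args);
    return [$parts[0], $args];
}

// Rebuild the URL, omitting '?' when no arguments remain.
function join_src(string $base, array $args): string
{
    return $args ? $base . '?' . http_build_query($args) : $base;
}

// Behaviour of the first snippet: drop 'ver' entirely.
function strip_ver(string $src): string
{
    [$base, $args] = split_src($src);
    unset($args['ver']);
    return join_src($base, $args);
}

// Behaviour of the second snippet: replace 'ver' with a salted SHA-1 prefix.
function hash_ver(string $src, string $salt): string
{
    [$base, $args] = split_src($src);
    if (isset($args['ver'])) {
        $args['ver'] = substr(sha1($args['ver'] . $salt), 0, 5);
    }
    return join_src($base, $args);
}

// Constructed URLs: the same asset before and after a plugin update.
$before = 'https://example.test/wp-content/plugins/demo/app.js?ver=1.0.0';
$after  = 'https://example.test/wp-content/plugins/demo/app.js?ver=1.0.1';

// Stripping: both releases share one URL, so a cached copy of the old file is reused.
echo "strip:\n  ", strip_ver($before), "\n  ", strip_ver($after), "\n";

// Hashing: the URL differs per release, so browsers and CDNs fetch the new file.
echo "hash:\n  ", hash_ver($before, 'customSalt'), "\n  ", hash_ver($after, 'customSalt'), "\n";
```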
  • The topic ‘Serious Security Problem’ is closed to new replies.