Why include version number in output? (7 posts)

  1. KIH
    Posted 6 years ago #

    Hi there.
    I see that WP by default now is "spitting" out its version number.
    Normally this is the first thing an attacker looks for to run known exploits of the system.

    A common known rule is to NOT give the visitor any info about running version of the script.

    <meta name="generator" content="WordPress 2.8.4" />

    Any good reason for sending this to a potential "spambot"?

  2. esmi
    Forum Moderator
    Posted 6 years ago #

    You can stop this by adding:

    remove_action ('wp_head', 'wp_generator');

    immediately after the opening <?php tag in the theme's functions.php file.

  3. KIH
    Posted 6 years ago #

    Thank you for the "fix", but really not a good way to do things. :)
    Not many people will pick up this "fix", and 90% of WP-users will never apply it, normal users don't touch the code, it's a "no no"-thing for them.

    And those kids who have fun tampering with other people's blogs will "strike" on those with this enabled first. It's very "google-friendly".
    Sooner or later an "exploit" is public, and the "sh*t" begins.

    Better to let them guess what kind of version is on the system.

  4. Clayton James
    Posted 6 years ago #

    but really not a good way to do things

    I don't like that method either. It messes with my version detection when I go to upgrade things automatically.

    How would you suggest doing it?

  5. KIH
    Posted 6 years ago #

    IMO. It should not be placed there at all.

    Version-info is OK in variables for use in version-specific behavior of plugins etc., and comments in PHP for the programmers.
    But never streamed out to the client.

    I can't think of one good reason to give out this info for the site owner.

    Yes, Google might harvest this to count number of sites on the web with "WordPress 2.8.4" installed, and maybe use this to rate WP's popularity against other blog-systems.

  6. esmi
    Forum Moderator
    Posted 6 years ago #

  7. KIH
    Posted 6 years ago #

    esmi, I'm 100% sure that you provided the optimal solution on this issue.

    But I really miss a good answer why it was placed there, and left there when it's a known "issue".

Topic Closed

This topic has been closed to new replies.
