Support » Plugin: Wordfence Security - Firewall & Malware Scan » Wordfence moves the readme.html file in the root directory

  • Resolved Tigr


    After installing the 6.0.20 today (upgrading from 6.0.17) I noticed that every upgrade action would delete the file readme.html in the root directory of WP install and create a file readme.xxxxxx.html, where xxxxxx is a long random-looking sequence of numbers and letters.

    I think you should check thoroughly what it is you are doing. Messing with my install is not a good idea even if you are a security plugin.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author WFMattR


    Sorry for any concern this may cause — this is done when using the “Hide WordPress version” option, because someone scanning your site can still find the version in the readme.html file, even if it is hidden in other places.

    Since readme.html isn’t loaded by WordPress, but rather served directly by the web server, the usual methods can’t be used to hide the version in that file.

    If you want to disable that option, the readme.html file should go back to its original name.

    -Matt R

    Thank you for clarifying the intent of the operation. This did cause serious concern indeed as it wasn’t clear what was happening.

    I understand the reason.
    But why not add a 403 redirect in the .htaccess. Now I have a changed file in my wp git submodule?
    A small nuance.

    Plugin Author WFMattR


    @janw.oostendorp: After some separate discussions, we may be making a similar change in a future version to avoid renaming the file. I believe the reason the dev team didn’t do it that way originally is that some hosts have restrictions on .htaccess or custom builds of Apache that are missing the expected modules, so some directives won’t work. At any rate, thanks for the input!

    -Matt R

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Wordfence moves the readme.html file in the root directory’ is closed to new replies.