I’ve been tweaking my wordpress theme and I noticed that WordPress itself is outputing the wordpress version in the HTML the client will receive to see the blog.
I rather hide that it’s using wordpress but that’s not an issue. Given that wordpress has some serious security vulnerabilities from time to time, isn’t it a better practice to not output it’s version!?!
This way the attacker would have to digg harder to find which exploits are available… Right?
This file is including wordpress’s version: wp-includes/general-template.php
- The topic ‘WordPress version shown in HTML code, security issue??’ is closed to new replies.