[wp-trac] Re: [WordPress Trac] #4155: Let's hide the version number
from public display
WordPress Trac
wp-trac at lists.automattic.com
Mon Jul 2 02:40:08 GMT 2007
#4155: Let's hide the version number from public display
-------------------------+--------------------------------------------------
Reporter: drmike | Owner: anonymous
Type: enhancement | Status: reopened
Priority: normal | Milestone: 2.3 (trunk)
Component: General | Version:
Severity: normal | Resolution:
Keywords: |
-------------------------+--------------------------------------------------
Changes (by g30rg3x):
* status: closed => reopened
* cc: drmike (removed)
* type: defect => enhancement
* component: Administration => General
* milestone: => 2.3 (trunk)
* resolution: wontfix =>
Comment:
I hate reopening tickets :-/...[[BR]]
[[BR]]
but i have to agree that pointing this is a "security feature" or
"security related" matter its not totally right and also useless because
if a hacker didn't find the version he will try all know exploits and also
this is applicable to all bots or automated exploit tools.[[BR]]
[[BR]]
But I propose to see this as a privacy feature (not security feature),
some prefer to hide his version rather than just being output publicly, i
know this could be done by just changing some of the version retriever
code (most of them are in bloginfo functions in general-template.php and
other related to feeds files) and obviously add and a option in Options >>
Privacy (wp-admin/options-privacy.php) to turn off and on the version
disclousure.[[BR]]
[[BR]]
IMHO this is better, let the user choose if he wants to display his
version rather than just cutting off in all publicly view places...
--
Ticket URL: <http://trac.wordpress.org/ticket/4155#comment:6>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list