[wp-hackers] WordPress Should Delete WP Version information on head

Dobri dyordan1 at ramapo.edu
Tue Mar 19 16:58:18 UTC 2013


I am also a big supporter of WordPress but I wouldn't claim it's perfect and has always been perfect. There are many version-specific vulnerabilities that are not introduced by plugins. Because they are analyzed and documented so well, if someone was using an old version of WP, it would be very easy to take advantage of a specific vulnerability. There would be no updates if WP was perfect, right?

On Tue, 19 Mar 2013, at 12:55 PM, Marko Heijnen wrote:

> This isn't a security risk at all. If you think bots check your version then you are wrong. Also WordPress isn't the security risk. The plugin you are using are.
> 
> Op 19 mrt. 2013, om 17:52 heeft Dobri <dyordan1 at ramapo.edu> het volgende geschreven:
> 
>> I think that exists for Search Engine Penetration and keeping track of market penetration as well. Simply put, it makes tracking % of people using WordPress and a specific version of WordPress and while it's true that's a bit of a security risk (for some setups more than for others), it also helps developers of both WP core and plugins/themes. In that respect, I think it should stay there and people should be individually responsible for hiding it if they *know* they have an old version that's susceptible to attacks and they have a good reason for keeping it. Cheers!
>> 
>> P.S. As already pointed out, it's really easy to remove if need be.
>> 
>> On Tue, 19 Mar 2013, at 12:48 PM, Sinan wrote:
>> 
>>> WordPress Should Delete WP Version information on head
>>> if this is so important there is so many ways to learn who using what vesio
>>> n of. But this public version reading is not safe.
>>> 
>>> Some times coming big security problems and when this problems match our
>>> versions bots or bad guys easly hack the sites.
>>> 
>>> What you guys thinking about this ?
>>> 
>>> -- 
>>> Sinan İŞLER
>>> sinanisler.com <http://www.sinanisler.com/>
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>> 
>> ~Dobri
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> 
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

~Dobri



More information about the wp-hackers mailing list