[wp-hackers] WordPress Should Delete WP Version information on head

Marko Heijnen mailing at markoheijnen.nl
Tue Mar 19 17:14:46 UTC 2013


Yes, it's a sign, but most hackers don't look at that. They just target any site and try all kinds of things. They even try Joomla stuff on WordPress and the other way around.
If your version of WordPress is not the newest, then that is the issue, not showing the version number in the HTML.

Also, readme.html is showing the version number. The same goes for enqueued styles/scripts without a version number, and if you try harder you will most likely find a reference in one of the stylesheets.
You aren't safer by removing it. You may believe that, but you should check/secure your hosting platform.


On 19 Mar 2013, at 18:06, Dobri <dyordan1 at ramapo.edu> wrote:

> Marko,
> 
> it does make a difference - it's an *obvious* sign of you using an old version of WP and not only that but it gives you the exact specific version too. Makes someone's job a lot easier. Think some novice hacker that barely knows how to code let alone bring down major sites. You're giving him an admit-one ticket to your backend by having the version in there. For individual, very rare cases it is a big security risk to have your version out there. As stated before though, it's definitely not worth removing from all sites. It has more benefits than drawbacks.
> 
> On Tue, 19 Mar 2013, at 1:01 PM, Marko Heijnen wrote:
> 
>> Hey Sinan, That is saying more about you than me.
>> 
>> 
>> Dobri:
>> Obviously WordPress had security risks. Just like every other platform but showing the version number in the head doesn't make a difference.
>> Also, if I'm correct, most of the recent vulnerabilities were for registered users. Things they could do but shouldn't be able to.
>> 
>> 
>> On 19 Mar 2013, at 17:58, Sinan <sinan at sinanisler.com> wrote:
>> 
>>> @Marko Heijnen
>>> 
>>> I don't have respond to that.
>>> 
>>> 
>>> 2013/3/19 Marko Heijnen <mailing at markoheijnen.nl>
>>> 
>>>> This isn't a security risk at all. If you think bots check your version
>>>> then you are wrong. Also WordPress isn't the security risk. The plugins you
>>>> are using are.
>>>> 
>>>> On 19 Mar 2013, at 17:52, Dobri <dyordan1 at ramapo.edu> wrote:
>>>> 
>>>>> I think that exists for Search Engine Penetration and keeping track of
>>>>> market penetration as well. Simply put, it makes tracking % of people using
>>>>> WordPress and a specific version of WordPress and while it's true that's a
>>>>> bit of a security risk (for some setups more than for others), it also
>>>>> helps developers of both WP core and plugins/themes. In that respect, I
>>>>> think it should stay there and people should be individually responsible
>>>>> for hiding it if they *know* they have an old version that's susceptible to
>>>>> attacks and they have a good reason for keeping it. Cheers!
>>>>> 
>>>>> P.S. As already pointed out, it's really easy to remove if need be.
>>>>> 
>>>>> On Tue, 19 Mar 2013, at 12:48 PM, Sinan wrote:
>>>>> 
>>>>>> WordPress Should Delete WP Version information on head
>>>>>> If this is so important, there are so many ways to learn who is using
>>>>>> what version. But this public version reading is not safe.
>>>>>> 
>>>>>> Sometimes big security problems come, and when these problems match our
>>>>>> versions, bots or bad guys easily hack the sites.
>>>>>> 
>>>>>> What are you guys thinking about this?
>>>>>> 
>>>>>> --
>>>>>> Sinan İŞLER
>>>>>> sinanisler.com <http://www.sinanisler.com/>
>>>>>> _______________________________________________
>>>>>> wp-hackers mailing list
>>>>>> wp-hackers at lists.automattic.com
>>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>>> 
>>>>> ~Dobri
>>> 
>>> -- 
>>> Sinan İŞLER
>>> sinanisler.com <http://www.sinanisler.com>
>>> fb.com/sinanisler
> 
> ~Dobri
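
Marko's point that the version shows up in more places than the generator tag can be checked on your own site's rendered HTML. The following is an added example, not code from the thread or from WordPress: the sample page, class and function names are constructed, and treating the most common `?ver=` value as the core version is a heuristic that assumes assets were enqueued without an explicit version.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample of a rendered front page (not taken from the thread).
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 3.5.1" />
<link rel="stylesheet" href="/wp-includes/css/admin-bar.min.css?ver=3.5.1" />
<link rel="stylesheet" href="/wp-content/themes/example/style.css?ver=3.5.1" />
<script src="/wp-includes/js/jquery/jquery.js?ver=1.8.3"></script>
<script src="/wp-content/plugins/example/app.js?ver=3.5.1"></script>
</head><body></body></html>"""


class VersionLeakAudit(HTMLParser):
    """Collects (source, version) for every place a version string is exposed."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        # 1. The generator meta tag discussed in the thread.
        if tag == "meta" and a.get("name", "").lower() == "generator":
            m = re.search(r"WordPress\s+([\d.]+)", a.get("content", ""))
            if m:
                self.findings.append(("meta generator", m.group(1)))
        # 2. ?ver= query strings on enqueued stylesheets and scripts.
        url = a.get("href") if tag == "link" else a.get("src") if tag == "script" else None
        if url:
            parts = urlsplit(url)
            for ver in parse_qs(parts.query).get("ver", []):
                self.findings.append((parts.path, ver))


def audit(html):
    parser = VersionLeakAudit()
    parser.feed(html)
    return parser.findings


def likely_core_version(findings):
    """Heuristic: the ?ver= value shared by the most assets (generator ignored)."""
    counts = {}
    for source, ver in findings:
        if source != "meta generator":
            counts[ver] = counts.get(ver, 0) + 1
    return max(counts, key=counts.get) if counts else None
```

Running `audit()` on the page again after the generator tag has been removed shows whether the asset URLs still give the same answer.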


