[wp-trac] [WordPress Trac] #12495: Don't include generator tags by default
WordPress Trac
wp-trac at lists.automattic.com
Wed Mar 3 11:44:40 UTC 2010
#12495: Don't include generator tags by default
--------------------------+-------------------------------------------------
Reporter: scribu | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.0
Component: General | Version:
Severity: normal | Keywords: has-patch commit
--------------------------+-------------------------------------------------
Comment(by dd32):

> - the information is already collected through the automatic upgrade
> feature, introduced in WP 2.7

Keeping it in there allows non-WordPress scans to detect what the
publisher of the content is.

> it gives out sensitive information that can be used for attacking the
> site

Whilst the information may seem sensitive, it really isn't all that
revealing, or at least, not more than any other method

 1. Anything automated will try every attack known to man
 2. Anyone who wants to know the exact version, and/or revision of a
    WordPress install can do so by checking the filesize of any publicly
    accessible css or js file.
 3. Anyone who feels it's sensitive information to them can install one of
    the many plugins to disable it. Moving it to hooks allowed for that
    (Instead of it being hard coded)

--
Ticket URL: <http://core.trac.wordpress.org/ticket/12495#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
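
A site owner who disables the generator output through a plugin, as point 3 of the comment describes, can confirm the result by scanning the rendered page and feeds for the tag. The following is an added example, not code from the ticket or from WordPress; the names `GeneratorFinder` and `find_generators` and all sample markup are constructed for illustration.

```python
from html.parser import HTMLParser


class GeneratorFinder(HTMLParser):
    """Collect generator disclosures from an HTML page or an RSS/Atom feed."""

    def __init__(self):
        super().__init__()
        self.found = []       # (kind, value) pairs in document order
        self._buf = None      # text of the <generator> element being read
        self._version = ""    # Atom carries the version in an attribute

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").strip().lower() == "generator":
            self.found.append(("meta", a.get("content", "").strip()))
        elif tag == "generator":
            self._buf = []
            self._version = a.get("version", "").strip()

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "generator" and self._buf is not None:
            parts = ("".join(self._buf).strip(), self._version)
            self.found.append(("feed", " ".join(p for p in parts if p)))
            self._buf = None


def find_generators(document):
    """Return every generator disclosure found in one rendered document."""
    finder = GeneratorFinder()
    finder.feed(document)
    finder.close()
    return finder.found


# Constructed samples: a default page, the same page with the tag unhooked,
# and the two feed flavours that carry a generator element.
HTML_DEFAULT = '<html><head><meta name="generator" content="WordPress 3.0" /></head><body></body></html>'
HTML_UNHOOKED = '<html><head></head><body></body></html>'
RSS2 = '<?xml version="1.0"?><rss version="2.0"><channel><generator>http://wordpress.org/?v=3.0</generator></channel></rss>'
ATOM = '<feed xmlns="http://www.w3.org/2005/Atom"><generator uri="http://wordpress.org/" version="3.0">WordPress</generator></feed>'

if __name__ == "__main__":
    for name, doc in [("html", HTML_DEFAULT), ("unhooked", HTML_UNHOOKED), ("rss2", RSS2), ("atom", ATOM)]:
        print(name, find_generators(doc) or "no generator tag")
```

An empty result only shows that the tag itself is gone; it says nothing about the other detection methods listed in the comment.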