[wp-trac] [WordPress Trac] #12495: Don't include generator tags by default
WordPress Trac
wp-trac at lists.automattic.com
Fri Mar 5 13:39:42 UTC 2010
#12495: Don't include generator tags by default
--------------------------+-------------------------------------------------
Reporter: scribu | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.0
Component: General | Version:
Severity: normal | Keywords: has-patch
--------------------------+-------------------------------------------------
Comment(by filosofo):
Replying to [comment:8 dd32]:
> My point remains that to me, Removing it doesnt make sense, It only
appears to make it more secure, it doesnt infact do that at all.
I agree. Removing the generator only hurts the good guys. Quite
frequently I'll take a look at source to see the version of WP used by the
blog I'm commenting on, and then I'll send a quick email to the site owner
if it's really old.
Most of the time I wouldn't bother trying to deduce the version from
features, but from server logs I've seen, going after features seems to be
a continual attack vector: bots don't always bother figuring out the
version, they just hit the site with all known attacks.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12495#comment:9>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list