Title: Plugin Leaking Version information
Last modified: April 23, 2018

---

# Plugin Leaking Version information

 *  Resolved [poopertropper](https://wordpress.org/support/users/poopertropper/)
 * (@poopertropper)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/plugin-leaking-version-information/)
 * Our internal security team has flagged this plugin for production use because
   the plugin displays the version information within the HTML.
 * While the threat is minimal, the idea behind version leaking is that hackers
   may be aware of a certain exploit based on version number and if they can get
   that version number it makes it easier to exploit.
 * [https://www.techrepublic.com/blog/it-security/dont-leak-service-and-version-info-to-would-be-hackers-how-to-hide-it/](https://www.techrepublic.com/blog/it-security/dont-leak-service-and-version-info-to-would-be-hackers-how-to-hide-it/)
 * Is there any reason to print out the version information? I’d rather not have
   to hack the module and remove it myself or worse uninstall completely so I was
   hoping to hear some feedback as to the need for printing version info.
 * WordPress does this as well, but luckily they give you an out to disable all
   version info from being public. Thoughts?

Viewing 6 replies - 1 through 6 (of 6 total)

 *  Plugin Author [Hector Cabrera](https://wordpress.org/support/users/hcabrera/)
 * (@hcabrera)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/plugin-leaking-version-information/#post-10210310)
 * Hi [@poopertropper](https://wordpress.org/support/users/poopertropper/),
 * > Is there any reason to print out the version information?
 * The version number is there mostly for debugging purposes.
 * If someone really, _really_ wanted to find out which version of any plugin you
   have installed on your site, they can still navigate to [https://www.example.com/wp-content/plugins/plugin-name/readme.txt](https://www.example.com/wp-content/plugins/plugin-name/readme.txt)
   and they’ll instantly get all the information they need from said plugin. A similar
   approach can be taken to determine the version number of your current theme.
 * The best thing anyone can do to keep attackers out is making sure you’re running
   the latest version of everything: themes, plugins, WordPress core, PHP, MySQL,
   server’s OS, et cetera (and even that way, they might still find a way in, so
   constant monitoring is a must).
 * WPP is open source and its code can be found on [GitHub](https://github.com/cabrerahector/wordpress-popular-posts).
   If you ever find a security vulnerability, please make sure to let me know and
   I’ll look into it as soon as possible.
 *  Thread Starter [poopertropper](https://wordpress.org/support/users/poopertropper/)
 * (@poopertropper)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/plugin-leaking-version-information/#post-10211281)
 * I totally understand that, but unfortunately it is a requirement of the business
   to not allow any version information to leak into the publicly viewable HTML.
 * Our theme is 100% custom and we’re able to remove WordPress version information
   with a simple hook, so I was hoping something else like this was available through
   WPP. However I totally understand your point of view and thank you for the feedback.
   I suppose we will just have to build our own popular post plugin for the time
   being. Thanks again!
 *  Plugin Author [Hector Cabrera](https://wordpress.org/support/users/hcabrera/)
 * (@hcabrera)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/plugin-leaking-version-information/#post-10211397)
 * Don’t mention it, [@poopertropper](https://wordpress.org/support/users/poopertropper/).
 * > Our theme is 100% custom and we’re able to remove WordPress version information
   > with a simple hook, so I was hoping something else like this was available 
   > through WPP.
 * Well, there may be a workaround.
 * I’m not 100% sure as I’m not near my computer right now, but I recall noticing
   that when hooking either into [wpp_custom_html](https://github.com/cabrerahector/wordpress-popular-posts/wiki/3.-Filters#wpp_custom_html)
   or [wpp_post](https://github.com/cabrerahector/wordpress-popular-posts/wiki/3.-Filters#wpp_post)
   (don’t remember which one) the plugin wasn’t including the version number in the
   HTML output. I don’t remember if I ever fixed that or not, so you might want
   to give it a shot.
 * I may add a simple check for WP_DEBUG, and if it’s enabled then all that info
   (version number, console.log messages, etc.) will be available. Otherwise, well,
   it won’t be 😛
 * Sounds fair enough?
 *  Thread Starter [poopertropper](https://wordpress.org/support/users/poopertropper/)
 * (@poopertropper)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/plugin-leaking-version-information/#post-10211559)
 * That would be amazing!
 *  Plugin Author [Hector Cabrera](https://wordpress.org/support/users/hcabrera/)
 * (@hcabrera)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/plugin-leaking-version-information/#post-10214531)
 * [There you go](https://github.com/cabrerahector/wordpress-popular-posts/commit/b361f6a4b781ad051564045ec9b357b9e70914b8),
   [@poopertropper](https://wordpress.org/support/users/poopertropper/)! You can
   either use the GitHub version of the plugin now or wait for a couple of weeks
   to get the official update.
 *  Thread Starter [poopertropper](https://wordpress.org/support/users/poopertropper/)
 * (@poopertropper)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/plugin-leaking-version-information/#post-10264304)
 * You’re amazing!
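
A regression check for the requirement discussed in this thread, as an added example that is not part of the original posts or the plugin's code: it scans rendered HTML for version strings in HTML comments and, going slightly beyond the plugin case, in the generator meta tag and `?ver=` asset URLs. The sample markup, the plugin name and the comment format are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Version-like token such as "4.9.5" or "v1.2.3" (at least major.minor).
VERSION_RE = re.compile(r"\bv?(\d+(?:\.\d+){1,3})\b", re.IGNORECASE)
ASSET_VER_RE = re.compile(r"[?&]ver=([\w.\-]+)")

# Constructed sample: the plugin name and comment format are hypothetical.
SAMPLE_LEAKY = """<html><head>
<meta name="generator" content="WordPress 4.9.5" />
<link rel="stylesheet" href="/wp-content/plugins/example-plugin/style.css?ver=1.2.3" />
</head><body>
<!-- Example Plugin v1.2.3 -->
<ul class="popular-posts"><li>Post A</li></ul></body></html>"""
# Constructed sample of a page with version output suppressed.
SAMPLE_CLEAN = """<html><head><link rel="stylesheet" href="/style.css" /></head>
<body><!-- sidebar start --><ul><li>Post A</li></ul></body></html>"""

class VersionLeakScanner(HTMLParser):
    """Records (kind, context, version) for each version string in the markup."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_comment(self, data):
        # A name-plus-version stamp left in an HTML comment.
        m = VERSION_RE.search(data)
        if m:
            self.findings.append(("comment", data.strip(), m.group(1)))

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            m = VERSION_RE.search(a.get("content", ""))
            if m:
                self.findings.append(("generator", a["content"], m.group(1)))
        if tag in ("script", "link"):
            # Cache-busting query strings on asset URLs also carry versions.
            url = a.get("src") or a.get("href") or ""
            m = ASSET_VER_RE.search(url)
            if m:
                self.findings.append(("asset", url, m.group(1)))

def find_version_leaks(html):
    scanner = VersionLeakScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```

Run it against pages rendered with WP_DEBUG disabled. As noted in the thread, files such as readme.txt can still reveal a plugin's version, so this covers only the HTML output.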


 * 6 replies
 * 2 participants
 * Last reply from: [poopertropper](https://wordpress.org/support/users/poopertropper/)
 * Last activity: [8 years, 1 month ago](https://wordpress.org/support/topic/plugin-leaking-version-information/#post-10264304)
 * Status: resolved