Title: Security issue. Remove version from body Last modified: August 21, 2016 --- # Security issue. Remove version from body * [Jim Burnett](https://wordpress.org/support/users/blackfault/) * (@blackfault) * [12 years, 1 month ago](https://wordpress.org/support/topic/security-issue-remove-version-from-body/) * First let me say that I love your plugin and I am a donator. With that said, please remove the plugin version from the blog body. This allows passive scanning from tools such as wp-scan and poses as security risk in the event that a vulnerability is found with your plugin. * Thanks * [https://wordpress.org/plugins/all-in-one-seo-pack/](https://wordpress.org/plugins/all-in-one-seo-pack/) Viewing 3 replies - 1 through 3 (of 3 total) * [Caleb Fultz](https://wordpress.org/support/users/cfultz/) * (@cfultz) * [12 years, 1 month ago](https://wordpress.org/support/topic/security-issue-remove-version-from-body/#post-4806689) * I completely agree. The plugin is excellent and works well above my expectations for any plugin, but with the version number in the body, this is giving a potential exploit notifier available for any vulnerability scanner. All I’m asking is that you remove the version number. The rest of it is completely cool with me. Thank you for your hard work! * [Peter Baylies](https://wordpress.org/support/users/pbaylies/) * (@pbaylies) * [12 years, 1 month ago](https://wordpress.org/support/topic/security-issue-remove-version-from-body/#post-4806696) * Hi Jim, * One thing you could try – define AIOSEOP_VERSION in your wp-config.php * `define( 'AIOSEOP_VERSION', 'x.xx' );` * I’ll see if it’s possible to add an option for this; note that this may not be easy, as the version gets set very early on in the plugin. Also, I can’t guarantee that withholding the version number will afford you any real protection – often, hackers run automated tools that try exploits regardless of the displayed version number, without checking for them, because they already know that version numbers displayed on a webpage aren’t a reliable way of checking what version of which software may actually be present. * Thread Starter [Jim Burnett](https://wordpress.org/support/users/blackfault/) * (@blackfault) * [12 years, 1 month ago](https://wordpress.org/support/topic/security-issue-remove-version-from-body/#post-4806706) * Peter, Thanks a ton for the reply. * I was able to find a way to strip all comments from the final output but running filters with ob_start. Not the best solution but it prevents version information like this for being leaked.. Any disclosure of any version information is considered an information disclosure leak, regardless of the priority. While targeted attacks do exploit regardless of version numbers, the bots mainly do not. * Thank a ton for the consideration! * -Jim Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Security issue. Remove version from body’ is closed to new replies. * ![](https://ps.w.org/all-in-one-seo-pack/assets/icon.svg?rev=2443290) * [All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic](https://wordpress.org/plugins/all-in-one-seo-pack/) * [Frequently Asked Questions](https://wordpress.org/plugins/all-in-one-seo-pack/#faq) * [Support Threads](https://wordpress.org/support/plugin/all-in-one-seo-pack/) * [Active Topics](https://wordpress.org/support/plugin/all-in-one-seo-pack/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/all-in-one-seo-pack/unresolved/) * [Reviews](https://wordpress.org/support/plugin/all-in-one-seo-pack/reviews/) * 3 replies * 3 participants * Last reply from: [Jim Burnett](https://wordpress.org/support/users/blackfault/) * Last activity: [12 years, 1 month ago](https://wordpress.org/support/topic/security-issue-remove-version-from-body/#post-4806706) * Status: not resolved