Version Number in HTML | ww.wp.xz.cn

zac-garrett
(@zac-garrett)

18 years, 3 months ago
While looking through the source of my site I noticed something quite disturbing from a security standpoint. The All in One SEO plugin puts the version number in the source of the site. From a security standpoint this is a big no-no, you don’t want people to know the version of something you are running. If your version is outdated and there is a known security problem it is much easier for a script kiddie to exploit.

For my personal site I changed the following code:
```
echo "\n\n";
```
to

echo "\n\n";

Viewing 3 replies - 1 through 3 (of 3 total)

whooami
(@whooami)

18 years, 3 months ago

nice job on that upgrade to 2.3.3! good for you! 😛

you can check your logs to figure out what I just clued you into :>

im the 199.x.x.x ip

—

i noticed you put your version in the drop down box, thats not where I got it from.

Thread Starter zac-garrett
(@zac-garrett)

18 years, 3 months ago

Ahh, forgot to redirect all of the various feed items to feedburner. Still trying to work out all of the oddities of WordPress after moving over from Serendipity.

Command line is fun:
tail access_log | grep 199.[0-255].[0-255].[0-255]

Thanks for pointing that out.

uberdose
(@uberdose)

18 years, 3 months ago

Hi Zac, I don’t think I will leave the version out because it helps me tremendously in diagnosing problems (which I do every day). And there has never been any security problem I’m aware of. So the benefits outweigh the drawbacks IMHO.

If there is a loop hole in a web application you don’t care very much for the exact version anyway since it’s so easy to just probe it automatically.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Version Number in HTML’ is closed to new replies.

3 replies
3 participants
Last reply from: uberdose
Last activity: 18 years, 3 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics