Security Vulnerability

  • Resolved Anonymous User 16052280

    (@anonymized-16052280)


    4 years, 4 months ago

    Hi Florian,

    I am having issues with some hacking attempts.

    So currently updating my security and I noticed that Lazy Loader is the only one revealing my WordPress version 5.4.2:

    <script   type='text/javascript' defer src='https://www.sensomap.com/a3yq/global/wp-content/plugins/lazy-loading-responsive-images/js/lazysizes.min.js?ver=5.4.2'></script>
<script   type='text/javascript' defer src='https://www.sensomap.com/a3yq/global/wp-content/plugins/lazy-loading-responsive-images/js/ls.unveilhooks.min.js?ver=5.4.2'></script>

    For security reasons is there any way you could fix that?
    Setting the version to null or to any random number?

    Thank you,
    Andrei

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Yui

    (@fierevere)

    永子

    Please note: revealing your WordPress version is not a vulnerability and does not expose your site to attacks. Unless you run old, known to be vulnerable version and disabled auto-updates for core. However, if you do so, hiding version number usually doesnt help, botnet powered scanners will try attack vector anyway.

    Plugin Author Florian Brinkmann

    (@florianbrinkmann)

    Hi Andrei,

    like @fierevere wrote (thanks for stepping in), that is not really a security issue.

    But I will modify it in the next release to a string that represents the last modification date of the files, so that changing the files in a release leads to a new query string and lets the browser download the new version instead of the cached one.

    Best,
    Florian

    Thread Starter Anonymous User 16052280

    (@anonymized-16052280)

    Hi @fierevere
    Thank you for the clarification. My assumption was based on the fact that most security plugins provide this option to ‘Hide WordPress Version”. And I also found this topic in many security related articles.

    Hi @florianbrinkmann
    Thank you for the support and great plugin. Looking forward to this next release.

    Moderator Yui

    (@fierevere)

    永子

    Since you mentioned this as “Vulnerability” i had to make my remark above.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Security Vulnerability’ is closed to new replies.