• Resolved mrjgardiner

    (@mrjgardiner)


    My friend told me what version of WordPress I was running even though I have “Hide WordPress Version” checked under “Other options”. I asked him how he new and he pointed to this page which displays it in big letters at the top:
    https://www.headcoveringmovement.com/readme.html

    Hopefully this is just a bug because i was surprised to see how easily anyone could get that info when I thought it was truly hidden. I just bought this plugin for both of my sites (premium version) and I must admit this shakes my confidence in it being as secure as it claims.

    https://www.ads-software.com/plugins/wordfence/

Viewing 2 replies - 1 through 2 (of 2 total)
  • There are different schools of thought for this. Some people don’t think hackers check this anyway but I tend to side with the argument that says why give hackers any help. We hide the version from showing in the view source, but this is a good suggestion as well. I’ll pitch this to the dev team to see how this might be best implemented.

    Thanks for helping make Wordfence great!

    tim

    FB688

    Thread Starter mrjgardiner

    (@mrjgardiner)

    OK, I just deleted the readme.html.

    It’s ridiculous to think that if a hacker couldn’t get the version # from the source code that they’d skip over another easy well-known way. To me, I think if you’re going to advertise that feature then all publicly viewable traces of the version # need to be blocked out. To me it’s akin to advertising security, but leaving a known vulnerability where your site can be accessed because “hackers aren’t known to use that method to access your site even though they potentially could.”

    Thanks for pitching it.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘WordPress version not hidden’ is closed to new replies.