How to make WordPress more secure – part 2

June 2nd, 2010 by Andreas from Xavier Media® in Antivirus & Security, Blogging, CGI & PHP, The World According to Xavier.

WordPress is a fantastic blogging platform to use for your blog, but did you know that WordPress actually tells spammers which version of WordPress you use? The version number may not seem like such a big thing, but it is, because spammers and hackers then know how best to attack your blog!

Since WordPress tells everyone the version number you use, spammers and anyone else interested will know which vulnerabilities existed in that version, and this information will help anyone who may want to attack your blog.

To find the version number of your blog (without logging in to the dashboard), just view the source code of your blog and locate this HTML tag somewhere in the header:

<meta name="generator" content="WordPress 2.9.2" />
<!-- leave this for stats -->

This information doesn't only help spammers and hackers attack your blog; it also helps them locate your WordPress blog. By searching web pages for this tag, spammers can easily identify your blog as a WordPress blog and start hitting you with comment spam.

Now you know why it's important to hide this information, so how do you hide the version number?

If you look in the folder where your theme is located (wp-content/themes/the name of your theme/) you should find a file called functions.php. Open this file in a text editor (like WordPad or nano, for example) and add the following code a few lines after the first line:

// Return an empty string so WordPress prints no generator tag
function xmcom_remove_version()
{
    return '';
}
add_filter('the_generator', 'xmcom_remove_version');

This will remove the version number from both your HTML source code and your feed.

I noticed, however, that some themes have another piece of code leaking your version number even if you add the code above to functions.php, so for some themes you will have to look in header.php too. The code you should remove looks something like this:

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />

If you had this code in your header.php and removed it, you shouldn't be giving away your version number to anyone anymore :-) .
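To confirm the change took effect, check what your blog actually serves rather than the theme files. The Python check below is an added example, not code from the original post: it scans a page or feed for the generator meta tag and for the RSS 2.0 and Atom generator elements. The function name find_generator_leaks and the sample markup are constructed for illustration.

```python
import re
from html.parser import HTMLParser

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

class GeneratorFinder(HTMLParser):
    """Collects WordPress generator disclosures from HTML or feed markup."""

    def __init__(self):
        super().__init__()
        self.findings = []        # (where, version or None)
        self._feed_parts = None   # text pieces while inside <generator>

    def _record(self, where, value):
        if "wordpress" in value.lower():
            match = VERSION_RE.search(value)
            # Version None = tag still names WordPress, without a number
            self.findings.append((where, match.group(0) if match else None))

    def handle_starttag(self, tag, attrs):
        attrs = {name: value or "" for name, value in attrs}
        if tag == "meta" and attrs.get("name", "").lower() == "generator":
            self._record("meta", attrs.get("content", ""))
        elif tag == "generator":
            # Atom carries the version in attributes, RSS 2.0 in the text
            self._feed_parts = [attrs.get("uri", ""), attrs.get("version", "")]

    def handle_data(self, data):
        if self._feed_parts is not None:
            self._feed_parts.append(data)

    def handle_endtag(self, tag):
        if tag == "generator" and self._feed_parts is not None:
            self._record("feed", " ".join(self._feed_parts))
            self._feed_parts = None

def find_generator_leaks(markup):
    """Return a list of (where, version) for every WordPress generator tag."""
    finder = GeneratorFinder()
    finder.feed(markup)
    finder.close()
    return finder.findings

# Constructed samples (not captured from a real site)
PAGE_BEFORE = '<head><meta name="generator" content="WordPress 2.9.2" /></head>'
PAGE_AFTER = '<head><meta charset="utf-8" /></head>'
RSS_BEFORE = ('<rss version="2.0"><channel><generator>'
              'http://wordpress.org/?v=2.9.2</generator></channel></rss>')
ATOM_BEFORE = ('<feed><generator uri="http://wordpress.org/" version="2.9.2">'
               'WordPress</generator></feed>')
```

Run find_generator_leaks over the saved source of your front page and your feed; an empty list means neither the functions.php filter nor a hard-coded header.php tag is still exposing the version.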

About the author
Andreas co-founded Xavier Media® in 1996 and has since been involved in all kinds of development, marketing and making money online.

 

© Copyright 1996-2012 Xavier Media®. All rights reserved.