[wp-hackers] WordPress Should Delete WP Version information on head

Dre Armeda dre at armeda.com
Tue Mar 19 18:26:31 UTC 2013


Removing the version info will not stop attackers using automated
mechanisms looking for known vulnerabilities; removing it would
encourage obscure practices with minimal positive impact. If the
argument is you're going to stop a couple script kiddies, then sure, it
can slightly reduce your risk; please focus on my use of slightly.
Beyond that, don't be fooled into thinking this will prohibit attackers from
learning what vulnerabilities are running on your WordPress install;
that in itself is an obscure line of thinking. This is the nature of
having software online: there's inherent risk of attack, and the percentage
of risk will never be zero!

Simon: Although I don't think it would send a clear picture to typical 
users, the need to educate on the importance of upgrading is indeed the 
bigger challenge here! We need to make it higher priority in terms of 
awareness and notifying users that being outdated can cause them further 
issues and frustration. This isn't a WordPress problem per se, but
WordPress surely gets blamed as the "insecure" piece of the puzzle.


Thanks,
Dre Armeda
@dremeda

> Sinan <mailto:sinan at sinanisler.com>
> March 19, 2013 11:15 AM
> Thanks for joining the conversation.
>
> Some people understand me, thank you guys ;)
>
>
>
> 2013/3/19 Simon Blackbourn <piemanek at gmail.com>
>
>
>
>
> Simon Blackbourn <mailto:piemanek at gmail.com>
> March 19, 2013 10:52 AM
> Whether removing the version number from the header makes it easier or not
> for your site to get hacked is irrelevant.
>
> Far more important is that it would send a clear message to users saying
> "it doesn't matter if you don't upgrade because no one will know". That's
> the exact opposite of the message they should be getting.
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
> Marko Heijnen <mailto:mailing at markoheijnen.nl>
> March 19, 2013 10:01 AM
> Hey Sinan, that is saying more about you than me.
>
>
> Dobri:
> Obviously WordPress had security risks, just like every other platform,
> but showing the version number in the head doesn't make a difference.
> Also, if I'm correct, most of the recent vulnerabilities were for
> registered users. Things they could do but shouldn't be able to.
>
>
>
> Sinan <mailto:sinan at sinanisler.com>
> March 19, 2013 9:58 AM
> @Marko Heijnen
>
> I don't have respond to that.
>
>
> 2013/3/19 Marko Heijnen <mailing at markoheijnen.nl>
>
>
>
>
> Marko Heijnen <mailto:mailing at markoheijnen.nl>
> March 19, 2013 9:55 AM
> This isn't a security risk at all. If you think bots check your
> version then you are wrong. Also, WordPress isn't the security risk.
> The plugins you are using are.
>
>