[wp-hackers] WordPress Should Delete WP Version information on head

Sinan sinan at sinanisler.com
Tue Mar 19 18:35:45 UTC 2013


"This is the nature of having software online, there's inherent risk of
attack, the percentage of risk will never be zero!"
Agree


2013/3/19 Dre Armeda <dre at armeda.com>

> Removing the version info will not stop attackers using automated
> mechanisms looking for known vulnerabilities, removing it would encourage
> obscure practices with minimal positive impact. If the argument is you're
> going to stop a couple script kiddies, then sure, it can slightly reduce
> your risk, please focus on my use of slightly. Beyond that, don't be fooled
> to think this will prohibit attackers from learning what vulnerabilities
> are running on your WordPress install, that in itself is an obscure line of
> thinking. This is the nature of having software online, there's inherent
> risk of attack, the percentage of risk will never be zero!
>
> Simon: Although I don't think it would send a clear picture to typical
> users, the need to educate on the importance of upgrading is indeed the
> bigger challenge here! We need to make it higher priority in terms of
> awareness and notifying users that being outdated can cause them further
> issue and frustration. This isn't a WordPress problem per se, but WordPress
> surely gets blamed as the "insecure" piece of the puzzle.
>
>
> Thanks,
> Dre Armeda
> @dremeda
>
>  Sinan <mailto:sinan at sinanisler.com>
>> March 19, 2013 11:15 AM
>>
>> Thanks for joining the conversation.
>>
>> Some people understand me, thank you guys ;)
>>
>>
>>
>> 2013/3/19 Simon Blackbourn <piemanek at gmail.com>
>>
>>
>>
>>
>> Simon Blackbourn <mailto:piemanek at gmail.com>
>> March 19, 2013 10:52 AM
>>
>> whether removing the version number from the header makes it easier or not
>> for your site to get hacked is irrelevant.
>>
>> far more important is that it would send a clear message to users saying
>> "it doesn't matter if you don't upgrade because no one will know". that's
>> the exact opposite of the message they should be getting.
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>> Marko Heijnen <mailing at markoheijnen.nl>
>> March 19, 2013 10:01 AM
>>
>> Hey Sinan, that is saying more about you than me.
>>
>>
>> Dobri:
>> Obviously WordPress had security risks. Just like every other platform
>> but showing the version number in the head doesn't make a difference.
>> Also, if I'm correct, most of the recent vulnerabilities were for
>> registered users. Things they could do but shouldn't be able to.
>>
>>
>>
>> Sinan <mailto:sinan at sinanisler.com>
>> March 19, 2013 9:58 AM
>>
>> @Marko Heijnen
>>
>> I don't have a response to that.
>>
>>
>> 2013/3/19 Marko Heijnen <mailing at markoheijnen.nl>
>>
>>
>>
>>
>> Marko Heijnen <mailing at markoheijnen.nl>
>> March 19, 2013 9:55 AM
>>
>> This isn't a security risk at all. If you think bots check your version
>> then you are wrong. Also WordPress isn't the security risk. The plugins you
>> are using are.
>>
>>



-- 
Sinan İŞLER
sinanisler.com <http://www.sinanisler.com>
fb.com/sinanisler

