[wp-trac] [WordPress Trac] #5311: HTTP-header X-Pingback when
pingbacks are turned off
WordPress Trac
wp-trac at lists.automattic.com
Sat Nov 3 06:11:46 GMT 2007
#5311: HTTP-header X-Pingback when pingbacks are turned off
---------------------+------------------------------------------------------
Reporter: ose | Owner: anonymous
Type: defect | Status: new
Priority: low | Milestone: 2.4
Component: General | Version: 2.3.1
Severity: minor | Keywords: http pingback security
---------------------+------------------------------------------------------
When switching off pingbacks under options/discussion, wordpress still
sends an X-Pingback http header back to the browser.
This has two disadvantages:
- It causes unnecessary traffic by other servers trying to ping wordpress
- It reveals more information then necessary (essentially reveals that a
server is running wordpress even if the web master tries to hide that fact
in other places for security reasons).
Expected behavior: When pingbacks are disables, wordpress should not send
the X-Pingback header to the browser.
--
Ticket URL: <http://trac.wordpress.org/ticket/5311>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list