Quick Online Tips

Security Update : Everyone Knows Your WordPress Version!

I was in a recent discussion with several WordPress bloggers who were waiting on the sidelines to upgrade to the latest recommended security release, WordPress 2.0.7, which fixes several PHP bugs and feed issues. Their laziness or fear of upgrading rested on the pretext that nobody knows their WordPress version anyway. I told them: everyone knows your WordPress version!

If you look at the source code of any WordPress blog (easily done in any web browser by going to View > Page Source), you will see:
<meta name="generator" content="WordPress 2.0.7">

This tag is generated by PHP code in your theme's header.php:
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
<!-- leave this for stats -->

So unless the blogger has deliberately removed this code (and the comment asking you to leave it for stats makes people reluctant to), anyone can easily find your WordPress version and go after the bugs known for that version. So the excuse that nobody knows your version and hackers would not waste time targeting your blog is no good…
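
A self-check for the disclosure described above, as an added example that is not part of the original post: it scans a page's HTML for a generator meta tag and reports any WordPress version it exposes, including a tag that was only commented out. The sample pages and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
import re

# Matches the generator string WordPress emits, e.g. "WordPress 2.0.7".
WP_GENERATOR = re.compile(r"WordPress\s+(\d+(?:\.\d+)*)", re.IGNORECASE)

class GeneratorFinder(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; this also fires for <meta ... />.
        if tag != "meta":
            return
        attributes = {name: (value or "") for name, value in attrs}
        if attributes.get("name", "").strip().lower() == "generator":
            self.generators.append(attributes.get("content", "").strip())

    def handle_comment(self, data):
        # A tag wrapped in <!-- --> is still sent to the browser (and any PHP
        # inside it still runs), so commented-out markup is scanned as well.
        inner = GeneratorFinder()
        inner.feed(data)
        inner.close()
        self.generators.extend(inner.generators)

def disclosed_wordpress_versions(html):
    """Return every WordPress version string exposed by generator meta tags."""
    finder = GeneratorFinder()
    finder.feed(html)
    finder.close()
    matches = (WP_GENERATOR.match(content) for content in finder.generators)
    return [m.group(1) for m in matches if m]

def audit(pages):
    """Map page name -> leaked versions; pages without a leak are omitted."""
    found = {name: disclosed_wordpress_versions(html) for name, html in pages.items()}
    return {name: versions for name, versions in found.items() if versions}

# Constructed sample markup (not captured from any real site).
SAMPLE_PAGES = {
    "default-theme": '<head><meta name="generator" content="WordPress 2.0.7"></head>',
    "commented-out": "<head><!-- <META content='WordPress 2.0.5' NAME='Generator' /> --></head>",
    "tag-removed": "<head><title>My blog</title></head>",
}
```

Feed it the saved page source of your own blog after editing the theme to confirm the tag is really gone.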

Upgrade regularly to the latest WordPress version, which will give you new features and bug fixes. WordPress 2.1 has been released; if you are waiting for your WordPress plugins to be updated, have no fear and upgrade with confidence.



6 Responses

  1. I see that you didn’t upgrade to 2.1 yourself :)
    when you gonna upgrade?

    Enblogopedia posted on 29/01/2007
  2. WP 2.0.7 is the essential security upgrade for everyone. WordPress 2.1 is the new version, which I will get once the bugs are gone and my plugins become compatible. Should happen in the next few days…

    QuickOnlineTips posted on 30/01/2007
  3. Recent versions of WP will include the metadata line even if you remove it from your theme header.php. You may edit the code, or disable that action in your function.php file in the theme directory.

    remove_action('wp_head', 'wp_generator');

    should work.

    Hendry Lee posted on 19/11/2008
  4. Is there a file within WordPress that contains the WP version, which WordPress reads each time you log in to the backoffice of your blog?

    Tom

    Tom McCarrick posted on 11/07/2009
  5. Thanks for the tip. I deleted my wordpress version tag.

    abo prämie posted on 30/09/2009