Security Update : Everyone Knows Your Wordpress Version!

I was in a recent discussion with several Wordpress bloggers, who were waiting in the sidelines to upgrade their Wordpress versions to the latest recommended security upgrade Wordpress 2.0.7 which fixes several PHP bugs and feed issues. Their laziness or fear to upgrade was based on the pretext that who knows their Wordpress blog version anyway - I told them everyone knows your Wordpress version!

If you look at the source code of any Wordpress blog (easily possible in any web browser by going to View > Page Source), you will see
<# meta name="generator" content="WordPress 2.0.7">

This is autogenerated by a php code in your header.php
<# meta name="generator" content="WordPress <#?php bloginfo('version'); ?>
<#!-- leave this for stats -->

So unless the Wordpress blogger has removed the code purposely (reluctant by the comment that you should leave it for stats), anyone can easily find your wordpress version and hack into your Wordpress bugs. So the excuse that nobody knows your version and hackers would not waste time targeting your blog is no good…

Upgrade regularly to the latest Wordpress version which will give you new features and bug fixes. Wordpress 2.1 is released and if you are waiting for your wordpress plugins to update, have no fear and upgrade with confidence.