Random Blatherings

19 Sep

WordPress Plugin: Replace WP-Version

Do you think your blog is secure?

By default, WordPress is flashing its version number to the entire internet. In itself, this isn’t a big issue. However, the security hole appears when someone trying to hack into your blog sees this little bit of information and uses it to their advantage. Earlier versions of WordPress (and quite possibly the current version too) have security holes that were patched (or will be) in later versions. Someone who can see that you’re running an older version will use a hack specific to that version of WordPress to get access to your blog. And once they have access, they can wreak a lot of havoc.

If you want to see what I’m talking about, go to any page on your blog, and view the source (usually, you’ll find this feature under View in the browser menu). What you’re looking for is right at the top of the page. A few lines down, you’ll see something like:

<meta name="generator" content="WordPress 2.6.2" /> <!-- leave this for stats -->

(If you’re seeing anything less than 2.6.2, shame on you! :lol: WordPress 2.6.2 fixes a major security issue. Make sure to update as soon as possible.)

If you view the source of this page, you’ll see something like

<meta name="generator" content="WordPress 8330" /> <!-- leave this for stats -->

That’s because I’m using Replace WP-Version. It’s a WordPress plugin that automatically hides the version number of your WordPress installation. Once this plugin is activated, you don’t need to do anything else. No need to edit any files, or anything scary like that. Just upload and activate. And then forget about it. The plugin replaces the WordPress version value with a random number every time the page is reloaded. A potential hacker isn’t going to know what version of the software you’re running, so they’re more likely to look for another blog to hack.
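To confirm what the generator tag on a page actually reveals, here is an added example (not part of the original post and not the plugin's code) that parses a page's HTML and reports whether the tag carries a dotted WordPress release number or a masked value. The function name, verdict labels and sample pages are this example's own; the samples are constructed around the two tags quoted above.

```python
import re
from html.parser import HTMLParser

# Dotted release number (2.6 or 2.6.2), the form WordPress prints by default.
VERSION_RE = re.compile(r"^WordPress\s+(\d+(?:\.\d+){1,2})$", re.IGNORECASE)

# Constructed sample pages, built around the two tags quoted in the post.
DEFAULT_PAGE = ('<html><head><meta name="generator" content="WordPress 2.6.2" />'
                ' <!-- leave this for stats --></head><body></body></html>')
MASKED_PAGE = ('<html><head><meta name="generator" content="WordPress 8330" />'
               ' <!-- leave this for stats --></head><body></body></html>')


class GeneratorFinder(HTMLParser):
    """Collect the content attribute of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        # Self-closing tags (<meta ... />) are routed here by HTMLParser too.
        if tag != "meta":
            return
        attr = {name: (value or "") for name, value in attrs}
        if attr.get("name", "").strip().lower() == "generator":
            self.values.append(attr.get("content", "").strip())


def audit_generator(html):
    """Return (content, verdict) for each generator tag found in html."""
    finder = GeneratorFinder()
    finder.feed(html)
    finder.close()
    results = []
    for value in finder.values:
        match = VERSION_RE.match(value)
        if match:
            verdict = "discloses " + match.group(1)
        elif value.lower().startswith("wordpress"):
            verdict = "masked"
        else:
            verdict = "not WordPress"
        results.append((value, verdict))
    return results


if __name__ == "__main__":
    for name, page in (("default", DEFAULT_PAGE), ("masked", MASKED_PAGE)):
        print(name, audit_generator(page))
```

Paste the saved source of one of your own pages into `audit_generator` before and after activating the plugin; a "masked" verdict describes this one tag only.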

Maybe you think your blog is too small to be worth hacking. It isn’t. There are forms of malware out there that automatically seek out targets like your blog to hack into. They don’t care about how many RSS feed subscribers you have, or when you last posted. You’re just a target to them, the same as any other blog. By letting them know the version number, you’re giving them an easy ride hacking in.

Use Replace WP-Version to help keep your blog safe and secure.

© 2009 Random Blatherings