Simple WordPress Security Fix
What the WordPress developers insist on doing to WordPress in each new minor version release is truly amazing. Their actions speak louder than words. The best interests of Bloggers are apparently not always one of their top priorities. In this post, John H. Gohde explains a couple of different ways to implement a simple WordPress security fix that will override one of their maybe not so applaudable changes.
WordPress Security Fix Alert
Either it was extremely thoughtful of Peter Westwood to implement his centralization of the generation process in WordPress, or it was an unbelievably bad idea to have WordPress itself advertise to the world which version of WordPress a blog is running. Coming from the point of view of a PHP coding dabbler, it amounts to yet another security blunder that the WordPress developers are amazingly expecting each Blogger to individually override. And on top of all that, even the necessity for this simple WordPress security fix is not at all well advertised.
In a previous post entitled "What version are you running", John alerted his readers to the fact that you should remove a line of code that has been added to the header template of most WordPress themes. However, ever since about version 2.5, WordPress itself has been automatically displaying the version number. Peter Westwood, in his rather unknown post, comments on this and actually provides the coding needed for a plugin that will turn this feature off.
A Simple Security Fix Is Needed
The coding causing the security issue in WordPress is HTML markup coding that looks something similar to the following.
Hackers have bots crawling the Web looking for blogs running specific versions of WordPress. But apparently, WordPress is more interested in claiming credit for creating your blog than they are in protecting bloggers from this well-known security issue.
John H. Gohde would like to thank Peter for providing him with this simple WordPress security topic to write about. Bloggers have basically three different ways to deal with this WordPress security problem. Bloggers, as suggested by Peter, could write their own plugin. They could simply install and activate a plugin written by somebody else. Or, Bloggers could add a more permanent fix to their own theme.
The easiest way to address this problem is by installing the Hide WordPress Version Information plugin, version 1.0 by Sean Carlos. This plugin is virtually nothing more than the plugin coding suggested by Peter Westwood, plus a bunch of non-functioning text where Sean Carlos more or less takes credit for Peter’s work by providing a functioning plugin that can be downloaded and installed.
Simple WordPress Security Fix Added To Your Theme
But with something so simple, John H. Gohde suggests that you just try adding the code directly to your theme. First, create a new template called hide-wp-version.php with the following PHP code using any text editor, and upload it to your theme directory.
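<?php
// Hides WordPress version information on the webpages of your blog.
function i_want_no_generators()
{
    // Returning an empty string replaces the generator markup with nothing.
    return '';
}
// Run the function whenever WordPress builds its generator markup.
add_filter('the_generator', 'i_want_no_generators');
?>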
When PHP functions are added to your theme, you have to execute the code somewhere. To do that simply add the following line of code to the very first line of your Header (header.php) template using WordPress’s Theme Editor.
This simple solution offers one less plugin to fool with. As long as your blog is up and operating, your WordPress version number will be hidden. And, putting it in a separate template means that you will never have to look at the code again.
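To confirm that the fix took effect, you can check a saved copy of your own blog's page source and feed for leftover generator markup. The following checker is an added example, not code from this post or from Peter Westwood's plugin; the sample markup is constructed and the version number 0.0 is a placeholder.

```python
from html.parser import HTMLParser


class GeneratorFinder(HTMLParser):
    """Collects generator strings from <meta name="generator"> tags in HTML
    and from <generator> elements in RSS/Atom feeds."""

    def __init__(self):
        super().__init__()
        self.found = []
        self._in_generator = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # tag and attribute names arrive lowercased
        if tag == "meta" and (attrs.get("name") or "").lower() == "generator":
            self.found.append(attrs.get("content") or "")
        elif tag == "generator":
            self._in_generator = True

    def handle_endtag(self, tag):
        if tag == "generator":
            self._in_generator = False

    def handle_data(self, data):
        if self._in_generator and data.strip():
            self.found.append(data.strip())


def leaked_generators(markup):
    """Return every generator string in the markup that names WordPress."""
    finder = GeneratorFinder()
    finder.feed(markup)
    finder.close()
    return [g for g in finder.found if "wordpress" in g.lower()]


# Constructed samples: a page before the fix, the same page after it, and a feed.
BEFORE_HTML = ('<html><head><title>Blog</title>\n'
               '<meta name="generator" content="WordPress 0.0" />\n'
               '</head><body></body></html>')
AFTER_HTML = '<html><head><title>Blog</title>\n</head><body></body></html>'
FEED_XML = ('<?xml version="1.0"?><rss version="2.0"><channel><title>Blog</title>'
            '<generator>http://wordpress.org/?v=0.0</generator></channel></rss>')

if __name__ == "__main__":
    for label, doc in (("before", BEFORE_HTML), ("after", AFTER_HTML), ("feed", FEED_XML)):
        hits = leaked_generators(doc)
        print(label, "LEAK " + repr(hits) if hits else "clean")
```

Run it against the saved source of your home page and of your feed; an empty list from both means the generator markup is gone.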