When ever a hacker tries to attack a
CMS(Content managing system) the first thing which he usually does is that he tries to find out the version number of that CMS, So he could go and search on Exploit databases for possible exploits, In a wordpress blog by default you can easily find out some one's version number by just viewing the source of that particular blog.
Now it's not a good idea to expose your version number because it will make your Website/blog more vulnerable to hackers, There are couple of ways through which you can hide your version numbers, The simplest one is to add the following code inside your functions.php file
remove_action('wp_head', 'wp_generator');
Moreover there are couple of other plugins which can help you hide your wordpress plugin, Just google for them.
Readme.html File Bug
Well even if any one is using plugins to hide their wordpress version number, it is still possible for a hacker to determine your version number, All the hacker has to do is to add "
/readme.html" after the websites URL.
Countermeasures
- Use a good plugin that can hide your wordpress version number.
- Always update your wordpress to the latest version.
- Either delete readme.html file or change it to some thing like readme.php file.
I hope you have learned something new today, Feel free to comment.
