Blog Tool Review

Saturday, April 02, 2005

WordPress Possible Security Measure

Recently I had to help a few people with their phpBB forums because of the rash of hacking activity. One of the things that made the vulnerable forums stand out is the version was published for all to see in the footer pages. So all someone has to do is search for phpbb version X footprints out there and you now have a list of vulnerable forums. As I was updating the Tech Based Marketing blog today, I realized many WordPress themes including the default also betrayed their version numbers in the page footer. "Now that can't be good" I thought since WordPress is very popular and probably getting more so, sooner or later someone's bound to target them... So I did a very simple low-tech security measure - remove the version number from my footer pages. Of course this won't really beef up anything as far as code security is concerned but why make it easy for them to mutilate my page right?
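An added example, not code from the original post: a small audit a site owner can run over their own rendered page to confirm that no version number is still exposed after editing the theme. It goes slightly beyond the footer by also checking the `<meta name="generator">` tag that WordPress emits; the product list and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Product name followed by a dotted version, e.g. "WordPress 1.5".
# The product list is an assumption for this example; extend it for your stack.
VERSION_RE = re.compile(r"\b(WordPress|phpBB|PunBB)\s*v?(\d+(?:\.\d+)+)", re.I)

class VersionLeakFinder(HTMLParser):
    """Collects product/version strings a visitor can read in the page."""
    def __init__(self):
        super().__init__()
        self.findings = []   # (location, product, version)
        self._text = []      # visible text fragments, joined before scanning
        self._skip = 0       # depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "meta" and (a.get("name") or "").lower() == "generator":
            self._scan("meta generator", a.get("content") or "")

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self._text.append(data)

    def _scan(self, where, text):
        for m in VERSION_RE.finditer(text):
            self.findings.append((where, m.group(1), m.group(2)))

def find_version_leaks(html):
    p = VersionLeakFinder()
    p.feed(html)
    p.close()
    # Footers often wrap the product name in a link and leave the version
    # outside it, so scan the joined text rather than each fragment alone.
    p._scan("page text", " ".join("".join(p._text).split()))
    return p.findings

# Constructed sample pages: theme footer before and after the edit.
SAMPLE_BEFORE = """<html><head><meta name="generator" content="WordPress 1.5" />
</head><body><div id="footer">Powered by
<a href="http://example.com/">WordPress</a> 1.5</div></body></html>"""
SAMPLE_AFTER = """<html><head></head><body><div id="footer">Powered by
<a href="http://example.com/">WordPress</a></div></body></html>"""

if __name__ == "__main__":
    print(find_version_leaks(SAMPLE_BEFORE), find_version_leaks(SAMPLE_AFTER))
```

An empty result only means the rendered page no longer advertises the version; as the post says, it does nothing for the code itself, so patching still has to happen.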

2 Comments:

  • The fault's not exactly the scripts, it's got to do with PHP - yeah. So if anyone's using PHP to do their stuff, they're in for some nasties. The PHP community's real close though, so they plugged that up pretty quickly across the board. But we'll never know when the next exploit's gonna come.

    By the way, have you noticed that WordPress don't do that footer thing no more on their 1.5 release? We are talking about the default theme of course, which is an adaptation of Kubrick.

    I also happen to use discussion forums, and am very happy with the extremely fast and compact PunBB. They used to put up their version numbers by default too, but the latest releases actually have this option for you to display that - if you want. Which *really* is not a good idea.


    Ronnie Boon
    http://www.pda-1.com

    By Blogger Ron Burger, at 3:55 PM  

  • Actually yes and no. Yes, the hole was a PHP issue BUT because some scripts made it easy for people to find installations that are vulnerable to these security holes - the template issue is important. They all come into play.

    Security is not always one person/organization's problem.

    By Blogger Lynette, at 5:29 PM  
