bs-wp-noversion plugin: Removes WordPress Version
BlogSecurity Wordpress Noversion plugin (bs-wp-noversion), prevents WordPress version leakage. Another simple, yet extremely useful WordPress security plugin.
Alot of attackers and automated tools will try and determine software versions before launching exploit code. Removing your WordPress blog version may discourage some attackers and certainly will mitigate virus and worm programs that rely on software versions.
Plugin Name: bs-wp-noversion Plugin URI: http://blogsecurity.net/ Description: Removes the WordPress Version to prevent targetted attacks and version fingerprinting. Author: David Kierznowski Version: 1.0 Author URI: http://blogsecurity.net
The plugin is available here.
Please note: This plugin may affect other plugins that rely on WP versioning.
Random Posts
If you enjoyed this post, please leave a comment or subscribe to the feed and get future articles delivered to your feed reader.
Comments
Tomas, I’m using this plugin on 3 of my blogs without any problems.
After a quick search, here is an example:
http://dev.wp-plugins.org/browser/jeromes-keywords/trunk/jeromes-keywords.php?rev=4313
$keyword = ( isset($wp_version) && ($wp_version >= 2.0) )
As you can see above, some plugins will do version queries to validate WordPress version specific functions.
Best thing to do is go through your plugins and search for wp_version. If you don’t find it, you should be fine.
[...] bs-wp-noversion plugin: Removes WordPress Version “Another simple, yet extremely useful WordPress security plugin. Alot [sic] of attackers and automated tools will try and determine software versions before launching exploit code.” [...]
[...] you don’t want to dig around in the code of your theme you can install Blog Security’s bs-wp-noversion plugin: Removes WordPress Version to remove the WordPress version for [...]
interestingly enough, it seems that wordpress itself is dependent on the availability of its version number – with the plugin activated, it reports (just below the menubar):
A new version of WordPress is available! Please update now.
although i have updated already… but it’s not a major problem, i guess.
or does it show this message in all installations of WP?
WRT post #1 – the maintenance mode plugin doesn’t work for me with bs-wp-noversion activated. it’s saying
You are using an outdated Wordpress version which is not supported by this plugin. Get the latest version at…
Lubos, thanks for the feedback. I tested this plugin on a version pre-(the whole WP latest version check thing); but yes, I would imagine this could be a prob and annoying.
Perhaps I can patch it… let me think on it.
DK, it’s a simple enough change. Simply add in the digit 9 for the value of $wp_version. That should work until wordPress hits version 10. :)
if i got michael correctly, this is rather a hack than a real solution. the best thing would be keeping the ‘check for update’ capability of wp and at the same time preventing exposure of the version to the outer world… but maybe it’s not possible – i don’t know which mechanism is wp using for this purpose.
[...] Nascondere il numero della versione di Wordpress installata grazie al plugin bs-wp-noversion. Molto utile in quanto non da punti di riferimento a potenziali cracker che volessero sfruttare le [...]
second that. yes, download is broken
http://blogsecurity.net/projects/bs-wp-noversion.php.txt
Sounds great – I’m off to download and stick this on my servers.
Hopefully it’ll make life a little bit easier in future. cheers for the heads up
[...] Nascondere il numero della versione di Wordpress installata grazie al plugin bs-wp-noversion. Molto utile in quanto non da punti di riferimento a potenziali cracker che volessero sfruttare le [...]
[...] 6. Nascondere il numero della versione di Wordpress installata grazie al plugin bs-wp-noversion. [...]
[...] Nascondere il numero della versione di Wordpress installata grazie al plugin bs-wp-noversion. « Download Skype [...]
[...] Nascondere la versione di Wordpress installata grazie al plugin bs-wp-noversion. Questo per non dare punti di riferimento a potenziali cracker che volessero sfruttare le [...]
[...] Our clients sites should not be affected, regardless of their version, as long as they have not disabled any plugins. We use an in-house plugin that strips the version number, among other security-related enhancements. It’s based on the bs-wp-noversion plugin, from Blog Security. [...]
[...] la etiqueta “generator” de la cabecera. Además dedes utilizar (por ejemplo) el plugin bs-wp-noversion. Pero ten en cuenta que un simple vistazo a url_de_tu_blog/wp-login.php puede hacer que cualquiera [...]
[...] using it will make it that much harder for them to know which vulnerabilities to exploit. Try this plugin which does exactly that. Bookmark It Hide [...]
I can still see WP version in all my /wp-admin pages. Where dows this plugin hides the current version from?
this plugins prevents exposing the WP version to the outer world.
on the other hand, when you log into the admin interface, the version is available to you (and to WP itself). it wasn’t visible using one of the older versions of this plugin and that caused some underisable effects – for example WP always complained that newer version was available…
[...] ידני (שינוי שורת קוד בקובץ header.php) או ע”י התקנת תוסף: Remove WordPress Version. מחיקת המשתמש: admin ויצירת משתמש חדש עם סיסמה חזקה. [...]
[...] BS-WP-NoVersion – BlogSecurity Wordpress Noversion plugin (bs-wp-noversion), prevents WordPress version leakage. Another simple, yet extremely useful WordPress security plugin. A lot of attackers and automated tools will try and determine software versions before launching exploit code. Removing your WordPress blog version may discourage some attackers and certainly will mitigate virus and worm programs that rely on software versions. [...]
[...] la versione di Wordpress che stiamo utilizzato, per fare ciò basta utilizzare il plugin bs-wp-noversion oppure Replace [...]
[...] you are not comfortable to edit the code of your theme you can install bs-wp-noversion plugin: Removes WordPress Version from Blog Security to remove the WordPress version for you. A simple yet useful plugin that will [...]
I stumbled on this invaluable little tool. Thanks for making this so easy! I’m going to put this in my standard wp installs.
[...] um pouco de pesquisa, encontrei um plugin específico – bs-wp-noversion – publicado pelo blog BlogSecurity.net especializado em segurança do [...]
[...] using it will make it that much harder for them to know which vulnerabilities to exploit. Try this plugin which does exactly [...]
[...] have also researched alternative solutions, and found a few, such as the bs-wp-noversion (not tested) plugin as well as a plugin by Angsuman Chakraborty, named Angsuman’s WordPress [...]
[...] have also researched alternative solutions, and found a few, such as the bs-wp-noversion (not tested) plugin as well as a plugin by Angsuman Chakraborty, named Angsuman’s WordPress [...]
[...] other plugins do check WordPress version in order to behave differently. Take a look at the comment of bs-wp-noversion plugin (which is yet another version hiding plugin). WordPress rendered broken [...]
I wish there was a plugin that would strip all wp- from inside files so we could remove wp- all together. Not sure why Wordpress feels it necessary to attach it to every thing, are they so insecure ?
[...] Pour ce qui est de la méthode simple qui enlève simplement la version de wordpress, il s’agit de deux plugins : -Le premier est disponible à cette adresse : http://just-thinkin.net/2008/04/wordpress-25-plugin-keeps-the-version-out-of-source/ -Le second est disponible à cette adresse : http://blogsecurity.net/wordpress/bs-wp-noversion [...]
Can you give couple examples of plugins that rely on WP versioning?