bs-wp-noversion plugin: Removes WordPress Version
Filed Under (Tools, WordPress) by DK on 24 December 2007

BlogSecurity Wordpress Noversion plugin (bs-wp-noversion), prevents WordPress version leakage. Another simple, yet extremely useful WordPress security plugin.

Alot of attackers and automated tools will try and determine software versions before launching exploit code. Removing your WordPress blog version may discourage some attackers and certainly will mitigate virus and worm programs that rely on software versions. 

Plugin Name: bs-wp-noversion
Plugin URI: http://blogsecurity.net/
Description: Removes the WordPress Version to prevent targetted attacks
and version fingerprinting.
Author: David Kierznowski
Version: 1.0
Author URI: http://blogsecurity.net

The plugin is available here.

Please note: This plugin may affect other plugins that rely on WP versioning.

   
Enjoy the article? Please take a second to: Digg it! | StumbleUpon it!

Read and Contribute to BlogSec News!

Comments

Tomas M. on 25 December, 2007 at 7:19 pm #

Can you give couple examples of plugins that rely on WP versioning?


DK on 26 December, 2007 at 2:25 am #

Tomas, I’m using this plugin on 3 of my blogs without any problems.

After a quick search, here is an example:
http://dev.wp-plugins.org/browser/jeromes-keywords/trunk/jeromes-keywords.php?rev=4313

$keyword = ( isset($wp_version) && ($wp_version >= 2.0) )

As you can see above, some plugins will do version queries to validate WordPress version specific functions.

Best thing to do is go through your plugins and search for wp_version. If you don’t find it, you should be fine.


Blogging Tips & News: Last Edition of 2007 :: 2k Bloggers - The Face of the Blogosphere on 29 December, 2007 at 4:12 am #

[…] bs-wp-noversion plugin: Removes WordPress Version “Another simple, yet extremely useful WordPress security plugin. Alot [sic] of attackers and automated tools will try and determine software versions before launching exploit code.” […]


294 Unread Items - [LINICKX].com on 4 January, 2008 at 12:43 pm #

[…] WordPress Plugin that removes the version info by […]


5 WordPress Security Essentials - Epiblogger on 9 January, 2008 at 4:32 pm #

[…] you don’t want to dig around in the code of your theme you can install Blog Security’s bs-wp-noversion plugin: Removes WordPress Version to remove the WordPress version for […]


lubos on 9 January, 2008 at 4:39 pm #

interestingly enough, it seems that wordpress itself is dependent on the availability of its version number - with the plugin activated, it reports (just below the menubar):

A new version of WordPress is available! Please update now.

although i have updated already… but it’s not a major problem, i guess.

or does it show this message in all installations of WP?

WRT post #1 - the maintenance mode plugin doesn’t work for me with bs-wp-noversion activated. it’s saying

You are using an outdated Wordpress version which is not supported by this plugin. Get the latest version at…


DK on 9 January, 2008 at 9:03 pm #

Lubos, thanks for the feedback. I tested this plugin on a version pre-(the whole WP latest version check thing); but yes, I would imagine this could be a prob and annoying.

Perhaps I can patch it… let me think on it.


Michael Clark on 16 January, 2008 at 5:15 pm #

DK, it’s a simple enough change. Simply add in the digit 9 for the value of $wp_version. That should work until wordPress hits version 10. :)


DK on 17 January, 2008 at 1:01 am #

Michael, I’ll give this a try :)


lubos on 17 January, 2008 at 9:10 am #

if i got michael correctly, this is rather a hack than a real solution. the best thing would be keeping the ‘check for update’ capability of wp and at the same time preventing exposure of the version to the outer world… but maybe it’s not possible - i don’t know which mechanism is wp using for this purpose.


» 6 modi per mettere in sicurezza i blog Wordpress Geekissimo on 22 January, 2008 at 12:00 pm #

[…] Nascondere il numero della versione di Wordpress installata grazie al plugin bs-wp-noversion. Molto utile in quanto non da punti di riferimento a potenziali cracker che volessero sfruttare le […]


  2 Simple Steps to Hide Wordpress Info and Better Secure Your Site. by Tdot-Blog on 26 January, 2008 at 2:55 pm #

[…] here to read more and download […]


BlogSecurity » Blog Archive » wp-no-version plugin updated on 13 February, 2008 at 10:26 am #

[…] You can get the latest version of wp-no-version here. […]


Обновлен плагин wp-no-version - Безопасность WordPress блогов on 13 February, 2008 at 1:15 pm #

[…] Скачать свежую версию плагина можно здесь. […]


Nick on 19 February, 2008 at 12:51 am #

The download link leads to a blank page…


WordPress Plugins Database » Plugin Details » bs-wp-noversion on 20 February, 2008 at 12:40 pm #

[…] Visit […]


ChaosKaizer on 20 February, 2008 at 5:44 pm #

second that. yes, download is broken
http://blogsecurity.net/projects/bs-wp-noversion.php.txt


gk on 26 February, 2008 at 6:17 pm #

The download link is broken.


DK on 26 February, 2008 at 11:46 pm #

Should be all working now.


imjuk on 27 February, 2008 at 11:48 am #

Sounds great - I’m off to download and stick this on my servers.
Hopefully it’ll make life a little bit easier in future. cheers for the heads up


Marco Lancini Weblog » 6 modi per mettere in sicurezza i blog Wordpress on 28 February, 2008 at 3:12 pm #

[…] Nascondere il numero della versione di Wordpress installata grazie al plugin bs-wp-noversion. Molto utile in quanto non da punti di riferimento a potenziali cracker che volessero sfruttare le […]


Metti in sicurezza in tuo blog targato Wordpress | Planet Games on 3 March, 2008 at 4:48 pm #

[…] 6. Nascondere il numero della versione di Wordpress installata grazie al plugin bs-wp-noversion. […]


Games Cage » evita attacchi hacker al blog tuo wordpress ecco come fare per metterlo al sicuro on 14 March, 2008 at 5:57 pm #

[…] Nascondere il numero della versione di Wordpress installata grazie al plugin bs-wp-noversion. « Download Skype […]


Qualche consiglio sulla sicurezza del vostro blog (wordpress) | Sitissimo.com on 26 March, 2008 at 12:15 pm #

[…] Nascondere la versione di Wordpress installata grazie al plugin bs-wp-noversion. Questo per non dare punti di riferimento a potenziali cracker che volessero sfruttare le […]


Vulnerable Software and Vindictive Search Engines | Blueprint Design Studio on 9 April, 2008 at 3:25 am #

[…] Our clients sites should not be affected, regardless of their version, as long as they have not disabled any plugins. We use an in-house plugin that strips the version number, among other security-related enhancements. It’s based on the bs-wp-noversion plugin, from Blog Security. […]


Ocultar la versión de WordPress | blojer on 4 May, 2008 at 2:31 pm #

[…] la etiqueta “generator” de la cabecera. Además dedes utilizar (por ejemplo) el plugin bs-wp-noversion. Pero ten en cuenta que un simple vistazo a url_de_tu_blog/wp-login.php puede hacer que cualquiera […]


Five Wordpress Tips for Power Users on 6 May, 2008 at 5:51 pm #

[…] using it will make it that much harder for them to know which vulnerabilities to exploit. Try this plugin which does exactly that. Bookmark It Hide […]


Daniel on 12 May, 2008 at 6:50 pm #

I can still see WP version in all my /wp-admin pages. Where dows this plugin hides the current version from?


Comment
Name:
Email:
Website:
Message: