Remove WordPress version from Graphene files!

  • Graphener

    #1924

    Hi,

    I notice that WordPress version is explicitly mentionned in Graphene theme folders! I removed it from WordPress files but it still displayed in Graphene!

    This is a huge drawback for the security of WP-based websites. Most WP-based websites and blogs are hacked continuously because of suh information rendered available for hackers and malicious people.

    It’s a bad idea to let hackers know which version, theme, plugins or tools are used in a website. They could expoloit it easily and hack people. As those information offer valuable source as opened door for them.

    I have already removed WordPress links from the meta tag but unforntunately I still see them in Graphene folders!

    So, is there a way to remove WordPress version and WP links from Graphene theme?

    Also, hide Graphene theme version, too?

    Thank you

    Graphener

    #29748

    I just would like to add that compared to Joomla, WordPress is gas-works! Joomla is robust and reliable CMS. There is no much mention of Joomla in the source code, which make it highly secure, compard with WordPress, which is proud to show hackable information for visitors!

    Prasanna SP

    #29749

    Graphene does not add any information about wordpress version. It is generated by by WordPress itself. You can remove it by following this post. http://www.prasannasp.net/how-to-remove-wordpress-version-from-head-section/

    If you want to remove “Powered by WordPress and …..” from graphene footer, just search in this forum. It is answered 2-3 days back.

    You should not remove Graphene version since it is required for update notification/ automatic update.

    WordPress is not so robust and secure!? Oh really?? It makes up 16% of the website in this universe. How that much of people can use it if it is so buggy? You should bother about the loop holes in plugins and security of your server. Not about the CMS itself! Because it is driven by the community of die hard coders.

    Admin

    Syahir Hakim

    #29750
    Quote:
    I notice that WordPress version is explicitly mentionned in Graphene theme folders! I removed it from WordPress files but it still displayed in Graphene!

    Those are mostly comments, or specific version numbers that needed testing. They don’t reveal which version of WordPress your site is running.

    Quote:
    This is a huge drawback for the security of WP-based websites. Most WP-based websites and blogs are hacked continuously because of suh information rendered available for hackers and malicious people.

    It’s a bad idea to let hackers know which version, theme, plugins or tools are used in a website. They could expoloit it easily and hack people. As those information offer valuable source as opened door for them.

    As long as you’re using the latest version of WordPress, plugins, and themes, this shouldn’t be much of an issue. There’s really no way you can prevent somebody from determining the WordPress version you’re running. I can, for example, compare the loaded jQuery on your site with the ones included in every WordPress releases to determine which WordPress version you’re using. So you see, it’s not that they don’t want to hide the version number, but that it’s simply a futile effort.

    But ultimately, it doesn’t matter. Security should be built into the codes, not achieved by hiding codes. WordPress has a WP-Hackers list exactly for discussing this sort of issue, among others. Any discovered security vulnerability is usually reported to the WordPress core dev, and security patch release will quickly follow.

    Quote:
    Also, hide Graphene theme version, too?

    Not possible. The version number is in the theme’s stylesheet, which is used by WordPress to determine what version the theme is, so that it can properly check for updates, etc.

    But like I said, it doesn’t matter. You’re really nitpicking on the small stuffs with little possible gain, if any. You should be more concerned with your server setup, regardless of whether you’re on a shared hosting or a private hosting. You should also be more concerned with what plugins you’re using and how secure they are.

    Most plugin and theme developers do their best to eliminate any security vulnerabilities in their code, but it’s not a perfect world, and it never will be. The best everyone can do is to report any vulnerabilities they find, and usually the developers will be more than happy to release a fix quickly. The WordPress community is very accommodating when it comes to security fixes. For example, if somebody reported to me about security vulnerability in the Graphene theme, I can release an update within a matter of hours, instead of a few days or even weeks sometimes for standard theme updates to be approved.

    Graphener

    #29751

    Actually, I tried with other theme and I didn’t see any version or notification to its codes and path! I also tried Joomla, and it is very robust, much more than WP, I think!

    Yes, I’m on shared hosting, this is why I’m concerned by website security. Host provider couldn’t prevent visitors to know which plugins, theme and CMS is used! It couldn’t neither protect the hosted websites! His work is to host much more than to secure.

    For Prasanna, the most hacked websites are those with WP build! Search the web and you will get it!

    Making WP folders public looks like if you tell someone, hey, I have a house at WordPress address, you can come and get in!

    I know, mention it is a form of recognition and self-satisfaction but this is on the behalf of security!

    I think a good tool will be much better adverised and adoptable when it is secure and user-firendly than when it is just advertised at any rate, for the sake of advertissement only!

    Mod

    Kenneth John Odle

    #29752
    Quote:
    the most hacked websites are those with WP build

    Which begs the question why you are using WordPress in the first place.

    For the record, I’ve five blogs, all running WordPress and Graphene, and they have never been hacked. I am, however, very judicious about which plugins I use, I upgrade whenever upgrades are available, and I do what I can to make my server secure.

    Quote:
    Host provider couldn’t prevent visitors to know which plugins, theme and CMS is used! It couldn’t neither protect the hosted websites! His work is to host much more than to secure.

    A web host who isn’t concerned about the security of the websites he is charging people money to host? Sounds like it’s time to find a better web host.

    Prasanna SP

    #29753

    @Ken, no matter how deeply we can explain facts, some people will never believe us.

    (I hope nobody will take it personal..)

    sanuja.com

    #29754

    I know several City and Provincial government services in Canada including the Emergency Response sites that runs WordPress on their main site. While I agree that WP is easy to hack compared to Drupal and Joomla, it is often caused by bad plugins and themes. I think graphene is a very good theme with a great developer behind it.

    If you need super hyper security, then you should NEVER ever use a CMS to run the site. For example, the federal government sites in Canada have no CMS what so ever. The updates on sites are done using secure custom databases.

    Having said that, I deleted version information .text file and readme.text file. Also I deleted setup information file from wp-admin and wp-content folders. I also removed all the unused plug-ins. Don’t just disable them; delete them. No system is perfect, but WP is the easiest system to learn. I could teach an elementary school kid to update a site built using WP compared to complicated backend of Drupal or Joomla.

    Graphener

    #29755
    Quote:
    Which begs the question why you are using WordPress in the first place.

    I’m just trying right now! I may switch to Joomla or Drupal or another system afterward! I’m comparing and see what would be the most relevent for me.

    Quote:
    For the record, I’ve five blogs, all running WordPress and Graphene, and they have never been hacked.

    Hacking WP is easy but not systematic. It depends on the content/type of your blog/site! E-commerce and money sites are more likely to be targets for hackers than education or sport sites!

    Quote:
    A web host who isn’t concerned about the security of the websites he is charging people money to host? Sounds like it’s time to find a better web host.

    Do you know a lot suchs host providers that will protect sites for you?

    Personally, I don’t know!

    Graphener

    #29756
    Quote:
    @Ken, no matter how deeply we can explain facts, some people will never believe us.

    (I hope nobody will take it personal..)

    After your new look, I can’t beleive you ;)!

    Just a joke!

    Well, it depends what is a “fact”!

    Facts are “subjective” term! Which is a fact for X, it may be not for Y.

    It’s true that WP is used for millions of blogs but the e-commerce sites doesn’t use it, or very rarely!

Viewing 10 posts - 1 through 10 (of 19 total)

You must be logged in to reply to this topic.