WordPress 3: Developing Secure Sites
Illustration by John Hersey

Removing version numbers


From:

WordPress 3: Developing Secure Sites

with Jeff Starr

Video: Removing version numbers

A big part of good security is keeping sensitive information away from the bad guys. WordPress has one particular weakness in this department: it likes to display its version number in the source code of your web pages and feeds. The WordPress version number is displayed in the source code of your web pages, and it looks like this here. The version number is also displayed in your RSS feeds, and the version number is also displayed elsewhere and in other feeds. This information seems harmless but may enable attackers to target security holes in specific versions of WordPress.

Start your free trial now, and begin learning software, business and creative skills—anytime, anywhere—with video instruction from recognized industry experts.

Start Your Free Trial Now
please wait ...
Watch the Online Video Course WordPress 3: Developing Secure Sites
2h 36m Intermediate Jun 27, 2011

Viewers: in countries Watching now:

This course explains how to secure self-hosted WordPress sites, including site configuration, code modification, and the use of free plug-ins. Beginning with the basics of site security, author Jeff Starr explains how to harden a WordPress site by configuring authentication keys, setting proper file permissions, and removing version numbers. The course shows how to implement a firewall, prevent automated spam, and control proxy access, and concludes with a series of advanced tips and site security best practices.

Topics include:
  • Backing up and restoring your site
  • Setting up strong passwords
  • Choosing trusted plugins and themes
  • Protecting the configuration file and the admin directory
  • Securing the login page
  • Fighting comment spam
  • Blocking access and detecting hacks
  • Finding and reporting vulnerabilities
Subjects:
Developer Web
Software:
WordPress
Author:
Jeff Starr

Removing version numbers

A big part of good security is keeping sensitive information away from the bad guys. WordPress has one particular weakness in this department: it likes to display its version number in the source code of your web pages and feeds. The WordPress version number is displayed in the source code of your web pages, and it looks like this here. The version number is also displayed in your RSS feeds, and the version number is also displayed elsewhere and in other feeds. This information seems harmless but may enable attackers to target security holes in specific versions of WordPress.

In this screencast, we'll see how to better protect your site by preventing WordPress from announcing its version number. Let's peek behind the scenes at the HTML markup for the homepage of this WordPress demo site. Notice here in the head section that WordPress is providing the version number of this installation right here. This information is used by hackers and automated scripts to attack specific versions of the software. We can also see it in the source code of the various feeds that WordPress generates.

Returning to the homepage, click on the RSS link, and we see right here the version number of WordPress, displayed in the source code. Of course, if you're always running the latest most up-to-date version of WordPress, there is no reason not to show this information, but people can't always upgrade the minute a new version of WordPress is available. So it's smart to play it safe and just prevent the information from being displayed on any occasion. Let's return to the FTP editor.

So to stop WordPress from displaying its version number, let's navigate to our active theme, which for the demo site is the default TwentyTen theme. Then we open our theme's functions.php file, as we have done here. We want to add the following lines of code to the bottom of this file. Included with the screencast is this code here, which you may copy and then paste after all other code in the functions.php file.

Now let's save the file and upload it to the server. Here in the source code, we can see that the version number is no longer available, not being displayed, and that's a good thing, but that's not the only place, as we have seen. So let's check the RSS feed. As we can see, our code snippet in the functions.php file has prevented WordPress from displaying its version number in the RSS feed as well. In fact, with that code in place, WordPress will not display the version number anywhere that is easily accessible by hackers and people who want to exploit your site.

In this screencast a simple code snippet in the functions.php file stops WordPress from displaying sensitive information in feeds, posts, pages, and everywhere else. By simply disabling the version generator, we add yet another layer of security to our WordPress-powered site.

There are currently no FAQs about WordPress 3: Developing Secure Sites.

 
Share a link to this course

What are exercise files?

Exercise files are the same files the author uses in the course. Save time by downloading the author's files instead of setting up your own files, and learn by following along with the instructor.

Can I take this course without the exercise files?

Yes! If you decide you would like the exercise files later, you can upgrade to a premium account any time.

Become a member Download sample files See plans and pricing

Please wait... please wait ...
Upgrade to get access to exercise files.

Exercise files video

How to use exercise files.

Learn by watching, listening, and doing, Exercise files are the same files the author uses in the course, so you can download them and follow along Premium memberships include access to all exercise files in the library.


Exercise files

Exercise files video

How to use exercise files.

For additional information on downloading and using exercise files, watch our instructional video or read the instructions in the FAQ .

This course includes free exercise files, so you can practice while you watch the course. To access all the exercise files in our library, become a Premium Member.

Join now Already a member? Log in

* Estimated file size

Are you sure you want to mark all the videos in this course as unwatched?

This will not affect your course history, your reports, or your certificates of completion for this course.


Mark all as unwatched Cancel

Congratulations

You have completed WordPress 3: Developing Secure Sites.

Return to your organization's learning portal to continue training, or close this page.


OK
Become a member to add this course to a playlist

Join today and get unlimited access to the entire library of video courses—and create as many playlists as you like.

Get started

Already a member ?

Exercise files

Learn by watching, listening, and doing! Exercise files are the same files the author uses in the course, so you can download them and follow along. Exercise files are available with all Premium memberships. Learn more

Get started

Already a Premium member?

Exercise files video

How to use exercise files.

Ask a question

Thanks for contacting us.
You’ll hear from our Customer Service team within 24 hours.

Please enter the text shown below:

The classic layout automatically defaults to the latest Flash Player.

To choose a different player, hold the cursor over your name at the top right of any lynda.com page and choose Site preferences from the dropdown menu.

Continue to classic layout Stay on new layout
Exercise files

Access exercise files from a button right under the course name.

Mark videos as unwatched

Remove icons showing you already watched videos if you want to start over.

Control your viewing experience

Make the video wide, narrow, full-screen, or pop the player out of the page into its own window.

Interactive transcripts

Click on text in the transcript to jump to that spot in the video. As the video plays, the relevant spot in the transcript will be highlighted.

Learn more, save more. Upgrade today!

Get our Annual Premium Membership at our best savings yet.

Upgrade to our Annual Premium Membership today and get even more value from your lynda.com subscription:

“In a way, I feel like you are rooting for me. Like you are really invested in my experience, and want me to get as much out of these courses as possible this is the best place to start on your journey to learning new material.”— Nadine H.

Thanks for signing up.

We’ll send you a confirmation email shortly.


Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

Keep up with news, tips, and latest courses with emails from lynda.com.

Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

   
submit Lightbox submit clicked
Terms and conditions of use

We've updated our terms and conditions (now called terms of service).Go
Review and accept our updated terms of service.