Book Image

WordPress 3 Ultimate Security

Book Image

WordPress 3 Ultimate Security

Overview of this book

Most likely – today – some hacker tried to crack your WordPress site, its data and content – maybe once but, with automated tools, very likely dozens or hundreds of times. There's no silver bullet but if you want to cut the odds of a successful attack from practically inevitable to practically zero, read this book. WordPress 3 Ultimate Security shows you how to hack your site before someone else does. You'll uncover its weaknesses before sealing them off, securing your content and your day-to-day local-to-remote editorial process. This is more than some "10 Tips ..." guide. It's ultimate protection – because that's what you need. Survey your network, using the insight from this book to scan for and seal the holes before galvanizing the network with a rack of cool tools. Solid! The WordPress platform is only as safe as the weakest network link, administrator discipline, and your security knowledge. We'll cover the bases, underpinning your working process from any location, containing content, locking down the platform, your web files, the database, and the server. With that done, your ongoing security is infinitely more manageable. Covering deep-set security yet enjoyable to read, WordPress 3 Ultimate Security will multiply your understanding and fortify your site.
Table of Contents (23 chapters)
WordPress 3 Ultimate Security
Credits
About the Author
Acknowledgement
About the Reviewers
www.PacktPub.com
Preface
Index

Hiding the WordPress version


Suppose that a weakness is found in WordPress 3.0.1 and Automattic duly patches this with 3.0.2. Sites determined to be running the older version could be open targets.

With that in mind, browse your page source and you'll see a line like this:

Similarly, a hacker can look at a site's RSS feeds to ascertain the WordPress version. To get rid of this version leak, open up functions.php in your theme's folder, pasting this code at the top of the file:

<?php function hide_version() 
  {
  return '';
  }
  add_filter('the_generator', 'hide_version');
?>

Now refresh the source code and the version has gone, as it will have from RSS feeds.

Binning the readme

You may not know you have this file. Browse to http://yoursite.com/readme.html:

There's your version again. Delete readme.html from your WordPress root directory, not just now, but after upgrades.

Cloaking the login page and the version

There is one more place from where it is possible to work out your WordPress version...