Gathering the WordPress Version of a Website/Blog


To hack a WordPress website or blog, a hacker first tries to find out the version number of the CMS (Content Management System) so that he can search exploit databases for possible exploits. A Content Management System (CMS) is a computer program that allows publishing, editing and modifying content, as well as maintenance, from a central interface. Such systems provide procedures to manage workflow in a collaborative environment.



On a WordPress blog, a hacker can easily find out the version number just by viewing the source of that blog:



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn/11">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Ethical Hacking, Network Security, Cyber Security with Sahil Baghla</title>
<meta name="generator" content="********" /> <!-- Leave this for stats -->
It is not a good idea to expose your version number, because it makes your website or blog more vulnerable to hackers.
There are a couple of ways to hide your version number. The simplest one is to add the following code to your functions.php file:
remove_action('wp_head', 'wp_generator');

Moreover, there are plugins that can help you hide your WordPress version number; just Google for them.

Even if someone is using a plugin to hide their WordPress version number, it is still possible for a hacker to determine it: all the hacker has to do is add "/readme.html" after the website's URL.

 

Countermeasures:
1. Use a good plugin that can hide your WordPress version number.
2. Always update your WordPress to the latest version.
3. Either delete the readme.html file or rename it to something like readme.php.
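
To confirm that countermeasures 1 and 3 actually took effect on your own site, the check below can be run over a saved copy of your homepage source and of whatever your server returns for /readme.html. It is an added example, not part of the original post; the function name, the sample inputs and the "Version X.Y" wording of the sample readme are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

VERSION_RE = re.compile(r"\b(\d+\.\d+(?:\.\d+)?)\b")


class _GeneratorMeta(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lowercased; values may be None.
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.values.append(a.get("content", ""))


def audit_version_exposure(homepage_html, readme_html=None):
    """Return (source, version) pairs for every place a version leaks.

    readme_html is the body served at /readme.html, or None when the
    file has been deleted or renamed and the request no longer succeeds.
    """
    findings = []
    parser = _GeneratorMeta()
    parser.feed(homepage_html)
    for content in parser.values:
        m = VERSION_RE.search(content)
        if "wordpress" in content.lower() and m:
            findings.append(("generator meta tag", m.group(1)))
    if readme_html is not None:
        m = re.search(r"Version\s+(\d+\.\d+(?:\.\d+)?)", readme_html, re.I)
        if m:
            findings.append(("readme.html", m.group(1)))
    return findings


# Constructed sample inputs (not taken from a real site).
EXPOSED_HOME = '<head><META content="WordPress 9.9.9" name="generator" /></head>'
HARDENED_HOME = "<head><title>My blog</title></head>"
SAMPLE_README = "<h1>WordPress<br /> Version 9.9</h1>"

if __name__ == "__main__":
    print(audit_version_exposure(EXPOSED_HOME, SAMPLE_README))
    print(audit_version_exposure(HARDENED_HOME, None))
```

An empty result means neither of the two disclosure points described in this post is still exposing a version.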



NOTE: The text highlighted in red is the version of the blog.


Posted By: Anshuman Kak 
