Removing Wordpress plugin references
I'd like remove all references Wordpress plugins put into my HTML code.
Am I selfish? Or just prudent about security?
Whilst I am in no way against plugin authors advertising themselves in the HTML code of any Wordpress blogs I set up (for myself, i9000 Networks, or clients), I still feel a little concerned that the more devious of web users can instantly gain a list of plugins I use, to potentially exploit.
But wait, I'm not selfish! I'd love to give the authors kudos for all their hard work in coding the plugins I use, they are much better programmers than myself. I just don't how to do it securely.
I enjoy being anonymous, a decade's experience in hosting web sites proves this. Every day I see servers shouting the fact they are running Apache 1.3.2 and PHP 4.1.2 or similar which (may) have huge security holes in them.
Check this server, go on! All you'll get is;
Server: Apache
Which is the minimum Apache lets me. You'd never even know I use PHP. Shhh, its a secret!
So why stop there, after all, security is only as strong as the weakest link. I've anonymised my server and server software. I should now anonymise my Wordpress install, removing the
reference, footer tags and various other Wordpress-isms, but I'm not going to. After all, its still reasonably obvious if the blog is Wordpress. I can usually spot them instantly.
The next logical step is to edit all the plugins you use so they don't make any HTML comments in the code, but doing this would make me feel really guilty. Wouldn't you? Removing all references to 17 people's hard work?
With uberdose releasing updates for the All In One SEO Pack nearly daily, it would prove overly time consuming across all the Wordpress installations I have.
So, although I'd like to secure, with a by-product of apparently being selfish, there's no easy way of doing it.
Related posts:
- Crawl Rate Tracker and Wordpress 2.5
I really like Patrick Altoft's Crawl Rate Tracker Plugin for Wordpress. I rolled it out... - Using Wordpress header and footers externally
I needed to integrate a Wordpress header (header.php) and footer (footer.php) into an external application.... - Wordpress Plugin: Permalinks Moved Permanently
Saved my ass! The "Permalinks Moved Permanently", plugin allows you to update your permalink structure... - Apache, JungleDisk and Port 80
I was tearing what little hair I have trying to solve a very strange bug... - Anonymous apache & PHP
Like to be conspicuous? Like me. Then use the ServerTokens and expose_php options. On a...
March 7th, 2008 - 18:05
Great article, thanks
June 21st, 2008 - 23:55
This is a good start on securing your WordPress installation however I think this is only a preliminary thing and would only stop newbie hackers
July 9th, 2008 - 16:55
Nice blog,i will come back here everyday, greetings
August 26th, 2008 - 17:18
Web hosting I agree. The majority of serious hackers would have no trouble in piercing through that. I do understand the thought behind your dilemna however and I would do exactly the same if I ran a wordpress blog.
September 6th, 2008 - 20:36
It is a nice blog. This tutorial can come in very handy when removing plugins. Thank you.
September 12th, 2008 - 19:08
Make sure you contact your hosting provider for any info on protection against hackers. Many of them have steps in place, so it shouldn’t be a problem.
October 28th, 2008 - 01:58
Security is one of the biggest things these days. Anything you don’t use or don’t absolutely need that wont break a script is no harm removing.