- This topic has 3 replies, 2 voices, and was last updated 8 years, 4 months ago by Andrew Misplon.
Tagged: security
- July 23, 2016 at 5:34 pm #4275
xc70 (Participant)
Hi Andrew. I just discovered this safety information and I saw it was not implemented in the Ultra theme, so I added it to my child theme.
WordPress by default displays the version you are using. If a security hole is published and we do not update our theme, hackers have information about our WordPress. If we do not hide this information, we are giving facilities to those who want to access our admin panel.

// Stop WordPress from printing these tags in the page <head>.
function removeHeadLinks() {
    remove_action( 'wp_head', 'wp_generator' );      // WordPress version meta tag
    remove_action( 'wp_head', 'wlwmanifest_link' );  // Windows Live Writer manifest link
    remove_action( 'wp_head', 'rsd_link' );          // Really Simple Discovery link
}
add_action( 'init', 'removeHeadLinks' );

Have a good weekend.
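A check for the tip above, as an added example that is not part of the original post: it parses a page's rendered HTML and reports which of the three `wp_head` outputs are still present in the head. The `audit_head` helper, the `HeadAudit` class and the sample pages are constructed for illustration.

```python
from html.parser import HTMLParser

# Markup written by the three wp_head callbacks the post removes:
# callback name -> (tag, attribute, attribute value in lowercase).
HEAD_MARKERS = {
    "wp_generator": ("meta", "name", "generator"),
    "rsd_link": ("link", "rel", "edituri"),
    "wlwmanifest_link": ("link", "rel", "wlwmanifest"),
}

class HeadAudit(HTMLParser):
    """Record which of those callbacks still write into <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        if not self.in_head:
            return
        attr = {k: (v or "") for k, v in attrs}
        for hook, (want_tag, name, value) in HEAD_MARKERS.items():
            if tag == want_tag and attr.get(name, "").strip().lower() == value:
                # Keep what the tag discloses: version string or endpoint URL.
                self.found[hook] = attr.get("content") or attr.get("href") or ""

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def audit_head(html):
    """Return {callback: disclosed value} for tags still present in <head>."""
    parser = HeadAudit()
    parser.feed(html)
    parser.close()
    return parser.found

# Constructed sample pages (host and version are placeholders).
BEFORE = """<html><head><title>Example</title>
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://example.test/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://example.test/wp-includes/wlwmanifest.xml" />
<meta name="generator" content="WordPress 0.0.0" />
</head><body></body></html>"""
AFTER = "<html><head><title>Example</title></head><body></body></html>"

if __name__ == "__main__":
    for label, page in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_head(page) or "clean")
```

Feed it the saved HTML of your own front page before and after activating the child theme; an empty result means none of the three tags is emitted any more.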
July 25, 2016 at 12:42 pm #4276
Andrew Misplon (Keymaster)
Hi xc70
Thanks for sharing this tip. For sure, on your site this is a handy little security addon. Unfortunately, on WordPress.org the theme standards are quite strict. At the moment themes aren’t allowed to remove default functionality like the sort you’ve described above. Some of the security plugins out there will offer this same header information removal as an option.
Chat soon 🙂
July 25, 2016 at 2:52 pm #4277
xc70 (Participant)
Thanks Andrew, I was unaware of that Automattic policy for their themes. It is curious that an issue like this, which is known to all, is still in use when it is detrimental to the safety of the user.
Regards
July 25, 2016 at 3:43 pm #4278
Andrew Misplon (Keymaster)
I hear you.
Automattic do have influence over what happens in the Theme Review team but it’s mostly a community-driven project. Here is the section that would cover these links:
Specifically: No removing or modifying non-presentational hooks.
Plugins like WordFence or BetterWPSecurity (did they change their name?) are however free to do this. So in summary, this is more of a plugin-level task.