How to stop your WordPress blog from being hacked (or banned by Technorati)

I got banned from Technorati a long time ago. Apparently releasing free themes is bad (and get’s lots of inbound links) only fair I guess 🙁

Anyway, Technorati have dropped off my radar recently, their constant redesigns and confused product are pushing people away, and since they’ve been dropped by WordPress I don’t visit at all. The thing I am most interested in is the recent announcement that they’re “suspending” blogs using old versions of WordPress.

Personally I feel this is a well meaning, but misguided, attempt to keep the site clean. I think it’s misguided for two reasons. Firstly, they are going to be blocking a lot of blogs that haven’t been hacked, and secondly they are no doubt letting through a lot of blogs that have been compromised, and then upgraded (with the blog owner none the wiser).

A recent post on CodeScheme – Technorati and WordPress explains how to stop this from happening to you.

Essentially many WordPress blogs have a small snippet of code added to the WordPress header that details what version of WordPress is being used. This makes the sites easy targets for hackers looking for old versions of the software to attack.

<meta name="generator" content="WordPress 2.5" />

All the hackers have to do is go to Google and enter the string above and they will have many thousands of blogs ripe for the picking.

I have always coded my own themes, and so have never included this code however when working with the latest version of WordPress I noticed that the theme was including the generator code for me. That is, WordPress is now outputting the WordPress version into your theme – opening your site up to potential security issues.

Normally I am happy to let WordPress do it’s own thing, generally it’s for the greater good, but in this case I make an exception. I am not going to give the hackers an additional target, solely so that Automattic can see how many sites use their software (the only reason I can think of to include the code).

Thankfully it only took me 5 minutes to work out a solution. The code was added through a WordPress plugin hook… so can easily be removed again using the same hook. All you have to do to protect your blog is add the following line of php to a file called functions.php in your theme directory.

<?php remove_action( 'wp_head', 'wp_generator' ); ?>

That’s it.

I considered making a plugin for this but figured it was so simple there was little point. If anyone wants me to make one then let me know and I will rustle something up.

Let me know what you think on Mastodon, or BlueSky (or Twitter X if you must).

WordPress News

The latest WordPress updates from the WPBriefs Podcast.

Related Posts

27 May 2013

WordPress: 10 Years Young, What Does The Future Hold?

WordPress is now 10 years old. I started using wordpress 9 years ago – which means I joined the WordPress community early on. The reason I chose WordPress is simply because of the fabled 5 minute install process – I...
30 Apr 2005

The Design One

I mentioned in my first post that I was going to do a run down of how I redesigned this site. It’s taken a while to put together but here it is.Binary Moon – a brief historyI started Binary Moon...
01 Apr 2015

The State of WordPress Themes #wcldn

I recently spoke on a panel at WordCamp London 2015e. Lance – who used to be the Theme Team lead at WordPress.com – asked me if I wanted to speak on a panel with him at WordCamp London 2015. I’ve...
17 Oct 2012

WordPress Social Network Aggregation

I really like the idea of a Tumblog – and even have one on Tumblr.com – but I don’t promote it anywhere. Conceptually it’s great – but I don’t like not having control over my content.What I would really like...
13 May 2010

6 Tips to Build Better WordPress Themes

If you want to make WordPress themes, for clients, to release for free or to sell, then there are a lot of factors you need to take into consideration. Below are some hints and tips that should help ease your...
22 Nov 2014

WordPress 4.1 Improvements for Theme Developers

WordPress 4.1 is bringing with it a couple of cool new additions for theme developers. They’re things that are currently a bit messy to implement in themes. For me they are things that I do the same way in all...