Tag Archives: disclosure

The WordPress Meta “generator” Tag Paranoia

WordPress Version

…or “WordPress Version Fingerprinting”

I have read dozens of “How to secure your WordPress” articles, and one common “tip” among others is getting rid of the “generator” tag in the HTML head, for additional security through obscurity.

WordPress uses the meta “generator” tag to “disclose” its version. The paranoia surrounding this fact is unbelievable, and they think that by removing it they harden WordPress. And that is absolutely not true.

Continue reading



WordPress Newsletter Plugin Multisite Vulnerability

WordPress Newsletter Plugin Vulnerability

I have had the opportunity to work with the WordPress Newsletter Plugin from Tribulant, a plugin that rivals the free MailPress plugin, but with its own twist (and its own pricetag of $54.99 single license, $274.95 unlimited).

The WordPress Newsletter Plugin copy starts out by shouting:

A WordPress newsletter plugin which will, without a doubt, blow your mind away with its feature set…

And it does, after you take a look at one of its core features that they’re proud of:

Both PHP, HTML, CSS and WordPress shortcodes can be put into themes.

Newsletters: Themes Documentation

See anything wrong with that?

Continue reading