Technorati and WordPress version
With Technorati now engaged in a misguided scheme to remove [edited] suspend WordPress blogs below 2.3.3 or as many as they can find, and also given the large numbers of spammers who locate WordPress using an identical method - it’s definitely time to go a little more anonymous:-
In a theme’s header.php, find:
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
<!-– leave this for stats please -->
And change: "WordPress <?php bloginfo('version'); ?>"
to "WordPress"
Just that, nothing else necessary. I can’t see how this is going to help Technorati, which doesn’t look in the healthiest of conditions…
Tags: security, technorati, wordpress
blogs, programming, wordpress | Lewis, 14 April, 2008
Ian Kallen — April 14, 2008 @ 1:48 pm
First of all, Technorati is not removing WordPress blogs. Suspending updates is not the same as removing them. Technorati is suspending updates where WordPress blogs appear symptomatic of being compromised; suspension is not applied to all WordPress blogs. Version data is actually very valuable for understanding these threats but the people running the exploits aren’t using it, they’re just running it opportunistically — given the large install base of vulnerable WordPress blogs there are a lot of opportunities. This exploit is effectively compromising hundreds of blogs a day. Instead of encouraging people to mask their data, I urge you to direct people to wordpress.org to find the latest recommendations on how to maintain the integrity of their publishes.
-Ian
Lewis — April 14, 2008 @ 2:08 pm
Thank you for your reply - my apologies, suspend, not remove and the post edited accordingly.
Why is the employment of a later version of WordPress any good indication that a blog is less compromised by exploits, known or unknown, on any timescale short- or long-term?
The versions change, the exploits change, the amount remains similar - I’m thinking here particularly of the various SQL injection vulnerabilities reported in WP 2.5
‘Mask their data’ is rather a strong phrase, suggesting subterfuge - there’s no law or statute commanding publication of these data… Could I ask whether you’ve asked Matt Cutts of Google to desist from the same suggestion?
JesseG — April 14, 2008 @ 2:49 pm
I think some of the spammers at least are using version data to find a Wordpress site, trackback spam definitely
Lisa — April 14, 2008 @ 5:51 pm
If there’s a difference between suspendng and deleting doesn’t say much for Technorati’s topicality
Ben — April 16, 2008 @ 3:43 pm
As of Wordpress 2.5 Wordpress prints the wordpress prints the version whether you like it or not. Think I might write a post about this
Lewis — April 16, 2008 @ 6:38 pm
Oh, never realised that - but then I’ve only tried out 2.5 on a localhost and soon gave up when the admin refused to work 100% at 800px width.
Expect someone will write a plugin to get rid of it… and more sites will be leaving Technorati
How to stop your Wordpress blog from being hacked (or banned by Technorati) » Binary Moon » The home of Ben Gillbanks — April 22, 2008 @ 9:30 pm
[…] recent post on CodeScheme - Technorati and Wordpress explains how to stop this from happening to […]