Remove version information from login page #2283

Closed
robwent opened this issue Aug 24, 2017 · 2 comments

robwent commented Aug 24, 2017

Technical details regarding my environment

  • YOURLS version: 1.7.2
  • PHP version: 7

This isn't a bug request, more of a question about security and publicly showing the version number.

I just installed and the first thing I noticed was the version number on the admin page.
I know this has been an issue in the past for WordPress and Joomla where the version numbers were added as generator tags in the HTML of the websites. When a security issue arose, hackers used to scan sites and version numbers to find vulnerable installs.

Is there any need to have the version number publicly accessible or can it be removed and only show once logged into the admin area?

Member

LeoColomb commented Aug 24, 2017

Duplicate of #1878

Please search a bit before opening a new issue! 😉

Member

ozh commented Aug 25, 2017

Just a simple point explained: hackers don't send 2 requests to a site, 1 to see if the version number matches, and one to exploit a hole. They just send the second query, which will work or not depending on the version. Displaying or hiding the version doesn't do much (if this was the case, WordPress, which powers something like 28% of the whole interweb, or Joomla, or any other, would have responsibly stopped doing this ages ago).

Regarding the "is it on the wiki" question: the philosophy of YOURLS is to keep things simple and have an API to allow that practically anything can be done with a plugin. See https://github.com/YOURLS/YOURLS/wiki/Plugin-List.
