This isn't a bug request, more of a question about security and publicly showing the version number.
I just installed and the first thing I noticed was the version number on the admin page.
I know this has been an issue in the past for WordPress and Joomla, where the version numbers were added as generator tags in the HTML of the websites. When a security issue arose, hackers used to scan sites and version numbers to find vulnerable installs.
Is there any need to have the version number publicly accessible or can it be removed and only show once logged into the admin area?
Just a simple point explained: hackers don't send 2 requests to a site, 1 to see if the version number matches, and one to exploit a hole. They just send the second query, which will work or not depending on the version. Displaying or hiding the version doesn't do much (if this were the case, WordPress, which powers something like 28% of the whole interweb, or Joomla, or any other, would have responsibly stopped doing this ages ago).
Regarding the "is it on the wiki" question: the philosophy of YOURLS is to keep things simple and have an API so that practically anything can be done with a plugin. See https://github.com/YOURLS/YOURLS/wiki/Plugin-List.