Keep your WordPress blog secure
It's happened again today: a chum running WordPress has told me their blog has been hacked. With a sinking feeling I asked, what version are you using? It's 2.2: five versions out of date.
It can't be said too often: keep your WP install up to date. The good news is that 2.7 has an inbuilt upgrade option, so that you only need to click one button, and it'll upgrade itself. 2.7 comes out in a couple of weeks.
And in the meantime, all WordPress users should remove the line that advertises what version they're using: why tell hackers just what exploit is going to work on your blog? You need to make two very easy changes to your theme to do this:
- Check the header.php file for a line like this:
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> <!-- leave this for stats -->
If it's there, remove it.
- Add the following to your functions.php file (after the first <?php ): it will stop WP automatically publishing the WP version in your page headers:
remove_action('wp_head', 'wp_generator');
It's worth spending two minutes editing: it'll save you having to delete Viagra ads and other nasties (and being told off by your blog mum) later.
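One way to confirm both changes took effect, as an added example that is not part of the original post: the Python functions below look for a WordPress generator tag in a page's rendered HTML and check the two theme files. The function names and the sample strings are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed samples (not from a real site): a page before and after the fix.
BEFORE_HTML = '<head><meta name="generator" content="WordPress 2.2" /></head>'
AFTER_HTML = "<head><title>My blog</title></head>"
HEADER_BEFORE = '<meta name="generator" content="WordPress <?php bloginfo(\'version\'); ?>" />'
FUNCTIONS_AFTER = "<?php\nremove_action('wp_head', 'wp_generator');\n"


class GeneratorFinder(HTMLParser):
    """Collects the content attribute of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "meta" and (attr.get("name") or "").lower() == "generator":
            self.generators.append(attr.get("content") or "")


def disclosed_versions(html):
    """Return WordPress generator strings still present in rendered page HTML."""
    finder = GeneratorFinder()
    finder.feed(html)
    return [g for g in finder.generators if "wordpress" in g.lower()]


def theme_problems(header_php, functions_php):
    """Check the theme source for both changes; return a list of what is missing."""
    problems = []
    if re.search(r"<meta[^>]*name=[\"']generator[\"']", header_php, re.I):
        problems.append("header.php still has a generator meta tag")
    # Ignore lines that are commented out with // or #.
    live = "\n".join(line for line in functions_php.splitlines()
                     if not line.lstrip().startswith(("//", "#")))
    if not re.search(r"remove_action\(\s*['\"]wp_head['\"]\s*,\s*['\"]wp_generator['\"]", live):
        problems.append("functions.php does not remove wp_generator from wp_head")
    return problems


if __name__ == "__main__":
    print(disclosed_versions(BEFORE_HTML))   # version is advertised
    print(disclosed_versions(AFTER_HTML))    # nothing disclosed
    print(theme_problems(HEADER_BEFORE, "<?php\n"))
    print(theme_problems("<head>", FUNCTIONS_AFTER))
```

Feed `disclosed_versions` the saved source of your own front page, and `theme_problems` the contents of your theme's header.php and functions.php.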
Tags: functions.php, header.php, headers, security, version number
Posted by Sue on November 18, 2008 in WordPress.








Ohhh thank you! Have updated header.php and functions.php as suggested!
Strange thing - I clicked on the comment button, and got a rather intricate patterned background until it cleared and I could read Chris' comment. Deliberate?
Things in the sidebar loading from other servers and so slowing the page down, Lynne. I think I will reconsider what we have in the sidebar... I like the Skribit box (or I will, if people use it) but the load time is horrible.