PHP and WordPress version disclosure scan

What It Checks

This scanner verifies whether your site discloses your WordPress version and your server's PHP version. When an attacker wants to hack into a WordPress site, they will search for all available information. The goal is to find something useful that will help them penetrate your site. Do not let them easily find any information.

Why It Matters

When an attacker wants to hack into a WordPress site, they will search for all available information. The goal is to find something useful that will help them penetrate your site. Do not let them easily find any information.

What You'll See

Good Status:

• Your site does not reveal either your WordPress version or PHP version.
• The protection preventing your site to disclose your PHP version has been activated.
• The protection preventing your site to disclose your WordPress version has been activated.

Bad Status:

• The website displays the PHP version in the request headers.
• The website displays the WordPress version in the homepage source code.
• The readme.html file should not be accessible by anyone to avoid revealing your WordPress version.

Warning:

• Unable to determine if your homepage is disclosing your WordPress version or PHP version. But you can activate the WordPress Version Disclosure protection and the PHP Version Disclosure protection from the Sensitive Data module.
• Unable to determine if the readme.html file is disclosing your WordPress version. But you can activate the WordPress Version Disclosure protection from the Sensitive Data module.

How to Fix

Activate the WordPress Version Disclosure protection and/or the PHP Version Disclosure protection from the Sensitive Data module. These protections will hide version information from your site's source code and headers.

WordPress and PHP Version Disclosure