688 posts
  • Has been part of the Envato Community for over 6 years
  • Has referred 1+ members
  • Has sold $5,000+ on Envato Market
  • Has collected 10+ items on Envato Market
+3 more
_rg_ says

I found this last night. Many of them i already known, but others not.

I think is very important info:

http://semlabs.co.uk/journal/how-to-stop-your-wordpress-blog-getting-hacked

In resume, the post talks about how to deal with “Stop Hackers Finding You”... if that´s the case of course. (never happend to me yet, but….)

I post this here because reading this, and knowing what i do too, i have a question.

A good way to prevent hackers to find you is removing all the wordpress code on header and footer, for example removing the “Powered by WordPress” from footer, or Meta Generator Tag on header.

But, how is this in relation with the templates uploaded here and the copyright for wp?

I mean, this is something the final buier must do if want to, right? but not something we should insert/modify on the themes uploaded here?

What you think?

2445 posts
  • Has referred 100+ members
  • Has sold $100+ on Envato Market
  • Has been a beta tester for an Envato feature
  • Has collected 10+ items on Envato Market
+3 more
digitalimpact says

Hackers usually go for high-traffic or well-known sites. Or for something personal. Other than that, for small sites, basic security would suffice.

Regarding the removal of the WP version or other related info in the head/footer – that should be totally up to the buyer. Authors could insert documentation on how to secure the WP installation/theme, or point to the hundreds of articles on the web :)

EDIT : actually I think some do go that extra mile and give such tips.

155 posts
  • Has been part of the Envato Community for over 4 years
  • Located in Canada
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
Warll says

Removing the “powered by wordpress” html comment and not giving credit in the footer is not about to hide a wordpress install from anyone who knows what they are doing.

You’d have to alter the behavior of a ton of code to hide even the ‘wp-content’ folder name, not to mention that the site will respond to a request for wp-adamin.

All that for what? Nothing, there is no known exploit for the latest version of wordpress.

by
by
by
by
by
by