• Resolved matthewseligman

    (@matthewseligman)


    Is anyone aware of how to remove the Tag from the source code?
    <!– This site uses the Google Analytics by MonsterInsights plugin v7.4.2 – Using Analytics tracking – https://www.monsterinsights.com/ –>

    It’s commonly not good practice to state the versions of plugins installed in source code as if there are any bugs the attacker searches for these snippets of code to abuse.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author chriscct7

    (@chriscct7)

    Given our plugin uses a minified js tracking file whose contents change on every release it’d be:
    A) absolutely trivial to derive the version installed
    B) no automated system actually checks the versions before trying to run exploits, they just run them and if it works it works, and if not they move on

    -Chris

    Thread Starter matthewseligman

    (@matthewseligman)

    Hi Chris,

    A) I don’t consider your branding in our source code Trivial and I wish to remove it.

    B) There are tons of automated tools that can search WordPress Version, WordPress Plugins and here’s one for example: https://nerdydata.com/search?query=MonsterInsights

    That simple query shows a 54 out of the 471,566 sites found using the plugin. The site searches by Source Code so it’s finding the word MonsterInsights in the source and majority of the mentions are related to that Tag. Some are related to inline JS.

    Most attackers search for the Plugin and Version number so I’m mainly trying to remove the Tag to avoid that.

    Note: I never considered this resolved, the Plugin Author just chose it wasn’t worth solving.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘How to Remove Tag from Source Code?’ is closed to new replies.