What have you done to secure your websites? One of the common suggestions is to hide the version number of your software. The argument goes that if you haven’t upgraded your software, showing the version number allows hackers to identify out of date software. Now there is a new wrinkle as Google announces that they will help webmasters by notifying them of out of date software. The catch? They will use the meta tag containing the version number.
Out of date software
With public content management software such as WordPress, Drupal, Joomla and others, the code is publicly available to all including malicious hackers. Because of this, there are regular updates to the software in this endless battle to keep the software secure. Websites that do not keep up with these updates are vulnerable and hackers can use the version number shown in the generator meta tag to identify such out of date software.
Security through Obscurity
Some people advise webmasters to hide the version number either by editing the software or using a security plugin that does this. However hackers can quite easily probe software for vulnerabilities without using the version tag. This false sense of security is no replacement for up to date software.
Google notifies webmasters of new software updates
Google originally ran a test to notify WordPress users who were using an out of date version that was vulnerable to hackers. This was quite successful and now they want to expand this to other types of software and include plugins and extensions. Instead of just notifying webmasters of vulnerabilities, they will notify them of new versions regardless of whether it addresses a vulnerability or not.
These notifications will be sent as messages on the Google webmaster tools account. If you do not have an account, the messages will be waiting when you do open an account.
Google feels that using the version meta tag has greater potential for good than bad and I have to agree. The first messages should go out very soon. You can read more on the Google Webmaster Central Blog
