
外掛標籤
開發者團隊
原文外掛簡介
Version Cloak is a hardening plugin that reduces the information opportunistic, automated scanners can read about your site. Version-matching bots fingerprint a site, look up known issues for the detected versions, and probe the easy targets first. This plugin shrinks that fingerprint.
Important: this plugin obscures version and endpoint information. It does not patch vulnerable code. Keep your plugins, themes, and WordPress core updated — obscurity is a complement to patching, not a replacement for it.
Two version modes (per dropdown)
For WordPress core and for plugins & themes, choose one of:
Off — leave the real version visible.
Obfuscate — remove or block the version so it can’t be read.
Decoy — report a plausible current version (auto-detected latest, or a value you set) so the site reads as up to date.
What it covers
The WordPress tag, feed generators and the WLW manifest.
Version query strings (?ver=) on enqueued CSS/JS, and the same inside inline CSS.
Version classes on the
Plugin-emitted tags.
Plugin version strings in HTML comments (e.g. SEO plugins).
Static version files served directly by the web server — readme.txt, changelog.txt, release_log.html — and version banner comments in CSS/JS assets. In Obfuscate these are blocked (Apache/LiteSpeed .htaccess, or an Nginx rule you add); in Decoy their version strings are rewritten and automatically reverted when you switch back.
WordPress core readme.html / license.txt, and the install.php / upgrade.php setup pages (blocked for non-logged-in visitors so admins can still run updates).
Other hardening
XML-RPC — disable and return 404, or keep it but remove pingback and system.multicall.
WP-Cron — disable the HTTP pseudo-cron and block external hits to wp-cron.php (with an optional secret token for your system cron).
REST user enumeration — block the anonymous /wp-json/wp/v2/users endpoint.
Author enumeration — block the ?author=N redirect that leaks usernames.
Reversible
Setting a mode to Off, or deactivating the plugin, restores the real version strings and removes the .htaccess rules — the site returns to its normal state.
