Opened 17 years ago
Closed 17 years ago
#5311 closed defect (bug) (invalid)
HTTP-header X-Pingback when pingbacks are turned off
Reported by: | ose | Owned by: | |
---|---|---|---|
Milestone: | Priority: | low | |
Severity: | minor | Version: | 2.3.1 |
Component: | General | Keywords: | http pingback security |
Focuses: | Cc: |
Description
When switching off pingbacks under options/discussion, wordpress still sends an X-Pingback http header back to the browser.
This has two disadvantages:
- It causes unnecessary traffic by other servers trying to ping wordpress
- It reveals more information then necessary (essentially reveals that a server is running wordpress even if the web master tries to hide that fact in other places for security reasons).
Expected behavior: When pingbacks are disables, wordpress should not send the X-Pingback header to the browser.
Change History (1)
Note: See
TracTickets for help on using
tickets.
The options under options..discussion are not a global option for whether or not pingbacks are enabled but are just the defaults for new posts.
There is no option to disable pingbacks.