How to obscure your WordPress version and troll the attacker a little…

One of my company’s WordPress installations was hacked by Turkish hackers recently. After a quick investigation I found that the script version was a little bit old (not a very popular website, mea culpa, not updated very often). In case you didn’t know, WordPress is bundled with a readme file by default. I’ve found that malicious scripts or people use it to determine your version’s branch. So I’ve decided to troll them a little bit…

To check whether your site exposes its version this way, go to: http://yourwebsite.com/readme.html. If you can see something like this:

[Image: default WordPress readme.html, showing the version number in the page heading]

then download the .htaccess file from your hosting using your favorite FTP client and edit it. Add a redirect line like in the example below:

RewriteEngine On
RewriteBase /
# Added line: mod_alias sends every request for /readme.html to the external URL with a 301.
# Place it before the WordPress rewrite rules so the file is never served.
Redirect 301 /readme.html https://youtu.be/dQw4w9WgXcQ
# Default WordPress rules (unchanged): route everything that is not an existing file or directory to index.php.
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

In this case I’m redirecting any readme.html request to Rick Astley’s song, you know which one 🙂
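To verify that the redirect actually took effect, and to see what else still gives the version away, here is an added checker script (example code written for this post, not part of WordPress or the original article). It classifies a response to /readme.html as exposed, redirected or hidden, and separately scans a page's HTML for the two other common leaks: the `<meta name="generator">` tag and the `?ver=` query strings WordPress appends to its CSS and JavaScript. The sample responses below are constructed for the example; `fetch()` is an optional helper for checking a site you administer and is not called unless you uncomment it.

```python
"""Check whether a WordPress site still discloses its version (added example, not from the post)."""
import re
import urllib.error
import urllib.request

# The default readme.html prints the version in its heading, e.g. "<br /> Version 6.4".
README_VERSION_RE = re.compile(r"Version\s+(\d+(?:\.\d+)+)")
# Themes usually emit <meta name="generator" content="WordPress 6.4" /> in <head>.
GENERATOR_RE = re.compile(r'<meta\s+name="generator"\s+content="WordPress\s+([\d.]+)"', re.I)
# Enqueued assets carry ?ver=<version>; for core assets that is the core version,
# for bundled libraries (jQuery etc.) it is the library version, so treat it as a hint only.
VER_PARAM_RE = re.compile(r"[?&]ver=(\d+(?:\.\d+)+)")


def classify_readme(status, headers, body):
    """Classify a response to /readme.html.

    Returns ("exposed", version), ("redirected", location) or ("hidden", None).
    Header names are matched case-insensitively.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    if 300 <= status < 400:
        return ("redirected", lower.get("location"))
    if status == 200:
        m = README_VERSION_RE.search(body)
        if m:
            return ("exposed", m.group(1))
    return ("hidden", None)


def versions_from_html(body):
    """Return the set of version strings a page leaks via the generator tag and ?ver= params."""
    found = set()
    m = GENERATOR_RE.search(body)
    if m:
        found.add(m.group(1))
    found.update(VER_PARAM_RE.findall(body))
    return found


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects; we want to observe the 301 itself."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch(url, timeout=10):
    """Fetch a URL without following redirects; returns (status, headers, body)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, dict(resp.headers), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:  # 3xx (because of _NoRedirect) and 4xx land here
        return e.code, dict(e.headers), e.read().decode("utf-8", "replace")


# Constructed sample responses, modelled on a stock readme.html and a typical front page.
SAMPLE_README = """<!DOCTYPE html><html><head><title>WordPress &rsaquo; ReadMe</title></head>
<body><h1 id="logo"><a href="https://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a>
<br /> Version 4.9.8</h1><p>Semantic personal publishing platform</p></body></html>"""

SAMPLE_HOME = """<html><head><meta name="generator" content="WordPress 4.9.8" />
<link rel="stylesheet" href="/wp-includes/css/dashicons.min.css?ver=4.9.8" />
<script src="/wp-includes/js/jquery/jquery.js?ver=1.12.4"></script></head><body></body></html>"""


def run_samples():
    """Run the checks over the constructed samples; returns a dict of results."""
    return {
        "readme_before_fix": classify_readme(200, {"Content-Type": "text/html"}, SAMPLE_README),
        "readme_after_fix": classify_readme(301, {"Location": "https://youtu.be/dQw4w9WgXcQ"}, ""),
        "front_page_leaks": versions_from_html(SAMPLE_HOME),
    }


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name}: {result}")
    # For a site you administer (hypothetical URL):
    # print(classify_readme(*fetch("https://yourwebsite.com/readme.html")))
```

The point of the second check is that the .htaccess redirect only closes one of several version leaks: the front page in the sample still announces 4.9.8 through the generator tag and the `?ver=` parameter on core assets, so hiding readme.html alone should not be mistaken for hiding the version. The reliable fix remains keeping the installation updated.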

Let’s make Turkish hackers’ life harder 😀

PS. A Polish website dedicated to security uses this technique to redirect its visitors to an application form for a training course. Check this: http://niebezpiecznik.pl/readme.html