Remotely identify the version of a WordPress installation?

The question:

How does DD32’s tool determine the WordPress version of an installation. Its not working fine for WP 3.1 but it doesn’t uses meta generator tag or the readme.txt of WP. So what else can it be?

The Solutions:

Below are the methods you can try. The first solution is probably the best. Try others if the first one doesn’t work. Senior developers aren’t just copying/pasting – they read the methods carefully & apply them wisely to each case.

Method 1

I’m just assuming here but this is usually done by fingerprinting for specific version files/directory’s/code and sometimes even size.

For example you can remove all the meta versions tags ( isn’t there like 12 places) and .txt file for 3.1 but since 3.1 is the only version to include the following new file by default, it is rather easy to fingerprint.

wp-includes/js/l10n.js

Since each release has many new additions, if you spend enough time writing a smart bot, it not very hard to find release specific data. Hiding all this info would be a lot of work for every release.

Method 2

This is a bit of code I wrote a while back to do WP version detection in the most obvious ways: http://ottodestruct.com/class-wp-detection.phps

There are other methods, more subtle and less obvious. His method is file fingerprinting. Basically checking for whether certain files exist or not.

Method 3

I know there’s already been an accepted answer, but just throwing this out there. The way I do it is parse out the $wp_version variable from your blog dir’s ‘wp-includes/version.php’ file:

function get_wp_version() {
 $versionFile = ABS_PATH.'/wp-includes/version.php'
 // NO VERSION FILE //
 if (($versionStr = @file_get_contents($versionFile))=='') return ''; 

 $regex = "wp_version.*'(?<wpVersion>.*)'";
 if (preg_match('/'.$regex.'/', $versionStr, $matches)) {
  return $matches['wpVersion'];
 }
 return '';
}


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Comment