Google To Help Notify You Of New Updates

November 23rd, 2009

googlelogoHere comes yet another way to be notified of new upgrades for WordPress in case you need one. Google has announced that they will be using their processing power to scan the source code of websites to look for the version number of the publishing software they are using and send them a notification through Google Webmaster Tools letting them know that an upgrade is available. In the case of WordPress, the meta tag was moved  to the core of WordPress in 2.5. Therefor, anyone running a version of WordPress from 2.5 and above should have it displayed in their source code unless it was either removed or edited out through an action in the functions.php file such as remove_action(‘wp_head’, ‘wp_generator’); Also, some plugins have been created that removes the version info as well, typically security related plugins.

Speaking of security, the security through obscurity argument regarding the public display of the version number of WordPress in the source code was over once the code for WordPress was available to the public. Matt Mullenweg mentioned this in his post regarding how to keep WordPress secure.

Hide the WordPress version, they say, and you’ll be fine. Uh, duh, the worm writers thought of that. Where their 1.0 might have checked for version numbers, 2.0 just tests capabilities, version number be damned.

So, I’m with Google in that including the version number in the source code can do more good than harm. In order to receive these update notifications from Google, you’ll need to have a Google Webmaster Tools account with a site attached.

The majority of people in the WordPress community have continuously advised removing this generator from being seen in the source code as a means of security. Will this line of thinking continue, or will we see more people add or leave it in to take advantage of the updates from Google?




  1. Andrew (11 comments.) says:

    The only people this will apply to are people who, or who’s webmaster, have disabled notifications in WordPress itself and actually know enough about the web to use Google’s Webmaster tools.

    This is useful why?

    • Jeff Chandler (171 comments.) says:

      Just one more method of getting the word out that an upgrade is available. Who knows, maybe there is a large group of people who just use webmaster tools and never log in to their site which would be a bad thing :(

  2. Miroslav Glavic (28 comments.) says:

    I follow Matt, Jane, Lorelle, this crazy guy that owns WPTavern, and countless more WordPressers (both official and community) so one of them is bound to Tweet about it.

    Also I run more that 30 sites, so I am on some WordPress based site every day, thus I don’t need google to do it for me.

    I also have in my firefox, a WordPress add-on, it tells me: 2.8.6 [12.11.2009]

    If you run only one site or so, then I understand not logging on daily. But this sort of can lead to some webmasters turning lazy.

    I read this site, I read other WP related site.
    I have this site and many other wp related sites on my Google Reader.
    I can check my gmail, twitter and Google Reader on my BlackBerry.

    I am already a Google-a-holic and use most of Google’s services.
    I don’t need another Google service, specially one that will do the same as about 89 other sources that I use.

  3. Carrie (12 comments.) says:

    Miroslav Glavic is right. I use too many different WordPress sites to even care about using yet another service that I can find out about updates from many many different sources.

    Still might be cool for the one wordpress site people.

  4. okky says:

    Well I think this give a point to google but since we all wordpressers has already builtin upgrade notification in the backend,it wouldnt give a plus to addopt since we must take a security risk by showing our wp version to everyone.

    • joecr (20 comments.) says:

      Are you crazy? Wait that was a rhetorical question. Of course you are you went crazy when you fell for the idea of security through obscurity, which is not security at all. The source code was released so they all know the security vulnerabilities & how to test if they can hack in without your version number. If you left it people could contact you letting you know that they noticed that you are out of date.

      • gestroud says:

        You’re a real class act, joecr – truly unbelievable and unnecessarily rude. I suggest you read this and take your argument up with the people who run WordPress. They’re the ones who suggest removing the version number, although Matt seems to be backtracking now.

        Most script kiddies are too unsophisticated to do much more than look for sites running obsolete versions of WP to tamper with. Better safe than sorry any day of the week.

        And how many people are altruistic enough to go out of their way searching Google to look at the source code on someone else’s site to let them know that they’re running an out of date version of WordPress? Do you? If you do, you’re a great guy without much of a social life.

        • David Lari (9 comments.) says:

          I thought the point of the article was that Google is altruistic enough to look through your site and let you know, or did I misread?

          • gestroud says:

            That’s not altruism. There’s something in it for Google. Anyone with any brains knows that. And anyone who’s going to leave a back door open when they know there are vandals around deserves whatever they get. You Googlephiles make me laugh. SEO this, SEM that and now they recommend leaving the keys to the house under a doormat where anyone can find it. Real smart.

      • okky says:

        site security was complex than you think, offcourse exposing wp version not really a risk if you always run the latest fresh wp version when all knowing bugs patched, but we know so many site still run out of date wp version for any reason… hiding wp version number was a part from way to hardening wp on that site, and personally i have notified enough about new version aviability since i login to wp admin everyday or by mailing list, so in the frontend i dont need to show what number of wp version i run, it was like show your underwear size to everyone.

  5. gestroud says:

    There’s also the WordPress Release e-mail Notification located on Well… on second thought, forget that resource. I’ve signed up to it with 2 different addresses and never received notification once about ANY new releases in the 3+ years I’ve been using WordPress. :-( It’s more convenient to just visit the WP homepage.

    • David Lari (9 comments.) says:

      I use that plug-in and it sent me a message when 2.8.6 came out. I only recently installed it, so I don’t know how reliable it will be going forward, but I’m happy with it so far.

  6. Michael Hampton (14 comments.) says:

    I see the upgrade notice in the WP dashboard, and then I go upgrade all my blogs. Easy.

    As for hiding the WP version, this is utterly pointless. It serves no good purpose, and actually has numerous drawbacks. The only reason people do it is to try to hide the fact that they are running an outdated version of WP, and for the bots, it doesn’t matter.

  7. Developer Overseas says:

    One very important reason for removing it is because some second-tier search engines categorize a website based on info in the meta tag. If I use WordPress to build a brochure site for a company and the site is not a “typical blog”, I do not want it labeled as a blog. Also, if I use WordPress as a CMS for a print magazine, I do not want it classified as a blog, but rather as news. Trust me, I have run into this classification problem, especially with non-English search engines.

  8. Lamin Barrow (1 comments.) says:

    Removing the version doesn’t make any sense at all because you will still have the /wp-content/ in your source no matter what. Thanks for posting. :)

  9. Tony (4 comments.) says:

    If you are posting to your site or making changes on a regular basis, then you ought to be aware of any version updates that need to be applied.

    What I find annoying, having 4 WordPress based sites, is the frequency at which plugins get updated. Every week it seems I have to update 6 or more plugins for each site, which gets a bit tedious. It would be nice if there was a way to update all plugins that needed updating with a single click.

    Having said that though, the ability to update WordPress itself without having to download and jump through hoops is really nice. There is no excuse now for not keeping things up to date.

    • David Lari (9 comments.) says:

      Ajax Plugin Helper will at least get you the ability to update a single site with one click. It helps me greatly with the 11 WP sites I run.

    • Otto (215 comments.) says:

      Version 2.9 adds mass plugin upgrade capabilities, I think.

Obviously Powered by WordPress. © 2003-2013

page counter