Back door to see the number of blogs on a MU installation

It seems that there is a back door to see the number of blogs on a WordPress-MU installation. If you look at the header of any page on a WordPress-MU installation you will see a line like (the XXXX denotes the number of blogs on the system):
The Header section shows stuff that your browser would receive but not display. A fresh WPMU installation headrer will also show the date the system was installed and the link of the main blog.

If you want to test this option you can use Rex Swain’s HTTP Viewer and just type in the blog address and click submit. The popular system returns (today) the following data:

The good people at removed this feature from their system and replaced it with the following message:
hacker:·If you're reading this, you should visit and apply to join the fun, mention this header.
If you want to remove this back door from your installation, open wp-includes/wpmu-functions.php and comment line 77 (on version 1.2.4).

Did you find this post interesting? Please subscribe to my feed.

Comments 4

  1. drmike wrote:

    Oh that’s nice….

    Posted 02 Sep 2007 at 5:32 pm
  2. Andrey Lis wrote:

    i successfully removed this)) see wpmu forums

    Posted 02 Sep 2007 at 5:55 pm
  3. Elad wrote:

    Andrey, I removed it also – see the bottom of the post 🙂

    Posted 03 Sep 2007 at 7:01 am
  4. Andrey Lis wrote:

    heh =) Really 😀

    i must read all the post next time)

    Posted 03 Sep 2007 at 12:23 pm

Post a Comment

Your email is never published nor shared. Required fields are marked *