Fix guide · medium · wordpress_readme_exposed

WordPress /readme.html publicly exposed

What this rule means

/readme.html returned a WordPress version disclosure page.

Why it matters

The page reveals the exact WordPress core version, which maps to a list of known CVEs. An attacker can then target the site with attacks like CVE-2024-XXXX without needing to fingerprint further.

How to fix it

  1. Remove /readme.html from the deploy. Many security plugins also do this automatically.
  2. Block the path in your web server config:

```
# Apache
<Files "readme.html">
    Require all denied
</Files>

# Nginx
location = /readme.html { deny all; }
```

  3. Update WordPress core if you're not on the latest version.
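To confirm the fix took effect, the following added example (not part of the original guide or of vibecheck) requests /readme.html and classifies the response. The function names, the `review` category and the sample body are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: verify that /readme.html is no longer served after the fix.
# Usage: ./check_readme.sh https://example.com   (placeholder host)

# Constructed sample of what an exposed readme body looks like (not real output).
SAMPLE_README_BODY='<html><title>WordPress &rsaquo; ReadMe</title><h1>WordPress</h1></html>'

# classify_readme STATUS BODY -> prints "blocked", "exposed" or "review"
classify_readme() {
    local status="$1" body="$2"
    case "$status" in
        403|404|410)
            # Denied by the server rule, or the file was removed from the deploy.
            echo "blocked" ;;
        200)
            # A 200 is only a finding if the body is really the WordPress readme;
            # some sites answer 200 with a custom "not found" page.
            if printf '%s' "$body" | grep -qi 'wordpress'; then
                echo "exposed"
            else
                echo "review"
            fi ;;
        *)
            # Redirects, 5xx, or 000 (no connection): needs a manual look.
            echo "review" ;;
    esac
}

# check_site BASE_URL -> fetches BASE_URL/readme.html and classifies it
check_site() {
    local base="${1%/}" tmp status
    tmp="$(mktemp)"
    status="$(curl -s -o "$tmp" -w '%{http_code}' --max-time 10 "$base/readme.html")" \
        || status="000"
    classify_readme "$status" "$(cat "$tmp")"
    rm -f "$tmp"
}

# Only touch the network when a base URL is passed on the command line.
if [ "$#" -gt 0 ]; then
    result="$(check_site "$1")"
    echo "${1%/}/readme.html: $result"
    [ "$result" = "blocked" ]   # exit status 0 only when the path is blocked
fi
```

The script exits non-zero for anything other than `blocked`, so it can gate a deploy pipeline.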

Did vibecheck flag this on your app?

If you reached this page from a vibecheck inspection report, the redacted match in your scan output is the exact string we found in your bundle. After applying the fix above, run the inspection again — the finding should clear.
