Script to Remove Readme and License Files From WordPress Installations

By | 2015/05/15

By default, WordPress, themes, and plugins will install readme and license files which can be a source of information leakage to a hacker. Here is a quick script to remove those files!

Readme files and licence files should be removed from production servers. These types of files tell a hacker exactly what version of software is installed and online.

Below is a dumb script to remove license and readme files from WordPress installations.

Considering one or more WordPress installations are in /var/www/, place this file in /var/www/ as say, /var/www/

#!/bin/bash -ex
# removes readme and license files from wordpress and plugins
license=(`find . -iname license*`)
readme=(`find . -iname readme*`)

for i in ${license[@]}
       sudo rm $i

for x in ${readme[@]}
       sudo rm $x

Run with:

$ sudo ./

Below is example output:

stmiller@li166-66:/var/www$ sudo ./ 
+ license=(`find . -iname license*`)
++ find . -name 'license*'
+ readme=(`find . -iname readme*`)
++ find . -name 'readme*'
+ for x in '${readme[@]}'
+ sudo rm ./

2 thoughts on “Script to Remove Readme and License Files From WordPress Installations

  1. Ivan


    wouldn’t that script be more efficient if you used “-iname” switch in find(1) to ignore case? I am asking that because readme and licence files are mostly named in caps (README.txt etc.).


Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.