Script to Remove Readme and License Files From WordPress Installations

By | 2015/05/15

By default, WordPress, themes, and plugins install readme and license files, which can be a source of information leakage to a hacker. Here is a quick script to remove those files!

Readme files and license files should be removed from production servers. These types of files tell a hacker exactly what version of software is installed and online.


Below is a dumb script to remove license and readme files from WordPress installations.

Assuming one or more WordPress installations live under /var/www/, save this script in /var/www/ as, say, /var/www/rmreadme_license.sh

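#!/bin/bash -ex
# Removes readme and license files from WordPress, themes and plugins
# found below the current directory.
#
# The patterns are quoted so the shell hands them to find unexpanded,
# -type f keeps directories out of the list, and -print0 with mapfile -d ''
# (bash 4.4 or later) keeps file names containing spaces in one piece.
mapfile -d '' -t license < <(find . -type f -iname 'license*' -print0)
mapfile -d '' -t readme < <(find . -type f -iname 'readme*' -print0)

for i in "${license[@]}"
do
       sudo rm -- "$i"
done

for x in "${readme[@]}"
do
       sudo rm -- "$x"
done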

Run with:

$ sudo ./rmreadme_license.sh

Below is example output:

stmiller@li166-66:/var/www$ sudo ./rmreadme_license.sh 
+ license=(`find . -iname license*`)
++ find . -name 'license*'
+ readme=(`find . -iname readme*`)
++ find . -name 'readme*'
+ for x in '${readme[@]}'
+ sudo rm ./scottlinux.com/wp-content/plugins/limit-attempts/readme.txt
stmiller@li166-66:/var/www$
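
The script above removes every readme* and license* file below the current directory, whether or not it belongs to WordPress. As an added example (not the author's code; the function names and the sample tree are hypothetical), this variant only touches directories that contain wp-includes/version.php and lists what it would delete unless --apply is given:

```shell
#!/bin/sh
# Added example, not the post's script. Function names are hypothetical.

# Print the root of every WordPress install below $1, recognised by the
# wp-includes/version.php file that ships with WordPress core.
wp_roots() {
    find "${1:-.}" -type f -path '*/wp-includes/version.php' -print |
        sed 's|/wp-includes/version\.php$||' | sort
}

# Run find over one install for regular files named readme* or license*
# (any case). Extra arguments are appended as the find action.
wp_docs() {
    root=$1; shift
    find "$root" -type f \( -iname 'readme*' -o -iname 'license*' \) "$@"
}

# Dry run by default; pass --apply as the second argument to delete.
# One line is printed per file. Paths with spaces are handled; paths
# containing newlines are not.
clean_wp_docs() {
    mode=${2:-}
    wp_roots "${1:-.}" | while IFS= read -r r; do
        if [ "$mode" = "--apply" ]; then
            # -print runs only for files that rm removed successfully
            wp_docs "$r" -exec rm -- {} \; -print | sed 's/^/removed: /'
        else
            wp_docs "$r" -print | sed 's/^/would remove: /'
        fi
    done
}

# Constructed sample tree, for trying the functions away from a real site.
make_sample_tree() {
    t=$(mktemp -d)
    p="$t/site one/wp-content/plugins/demo"
    mkdir -p "$t/site one/wp-includes" "$p/readme-assets" "$t/static"
    : > "$t/site one/wp-includes/version.php"
    : > "$t/site one/readme.html"
    : > "$t/site one/license.txt"
    : > "$p/README.md"
    : > "$p/readme-assets/logo.png"   # directory matches readme*, file does not
    : > "$t/static/README.txt"        # outside any install: left alone
    printf '%s\n' "$t"
}
```

WordPress core, theme and plugin updates put these files back, so the clean-up has to be run again after each update.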