if I view source of a page with your plugin activated and I search for "joomla" word I find two occurrences.
One for "joomla-script-options" css class and one for "joomla.jtext" js method.
This is not very good for site security cause malware bot searching for cms name string in the page so It can apply correct exploit to hack the site.
Could you change this class and method name please?
Both things you've pointed out are Core Joomla output. I use it in my extensions, but I didn't create it.
Thanks, I've already secured my site with your suggests and others.
Sound strange you suggest to disable showing joomla version for security reasons while your plugin write joomla strings in the code.
I know now these classes are from joomla core, but my question is:
it's possible doing same things in a different way to avoid to show these unsafe line in page source?
For me this is very critical and I hope sincerely you could find a way to fix this.
My plugin does not write joomla strings in the output - Joomla does that. Any extension that uses JFactory::getDocument()->addScriptOptions() or JText::script() adds those strings - and many, many extensions do. Just using the Joomla login module adds a script option to enable the Joomla keepalive functionality.
There's nothing for me to fix, because it's in the Joomla core. It was discussed heavily at the time, and the decision was made to include those strings. It wasn't always this way - it happened sometime around Joomla 3.6.