Suggestion for security

Hi,
if I view source of a page with your plugin activated and I search for "joomla" word I find two occurrences.
One for "joomla-script-options" css class and one for "joomla.jtext" js method.
This is not very good for site security cause malware bot searching for cms name string in the page so It can apply correct exploit to hack the site.

Could you change this class and method name please?

Thanks in advance.

Luca

The class "joomla-script-options" is Core Joomla - If you rename or remove it, many front-end functions will no longer work. joomla.jtext is Core Joomla front-end translations. If you rename or remove it, any javascript that displays text will not display any text.

Both things you've pointed out are Core Joomla output. I use it in my extensions, but I didn't create it.

You might be interested in this article:
www.richeyweb.com/software/joomla/35-securing-joomla

Thanks, I've already secured my site with your suggests and others.
Sound strange you suggest to disable showing joomla version for security reasons while your plugin write joomla strings in the code.
I know now these classes are from joomla core, but my question is:
it's possible doing same things in a different way to avoid to show these unsafe line in page source?
For me this is very critical and I hope sincerely you could find a way to fix this.

Many thanks

Luca

My plugin does not write joomla strings in the output - Joomla does that. Any extension that uses JFactory::getDocument()->addScriptOptions() or JText::script() adds those strings - and many, many extensions do. Just using the Joomla login module adds a script option to enable the Joomla keepalive functionality.

There's nothing for me to fix, because it's in the Joomla core. It was discussed heavily at the time, and the decision was made to include those strings. It wasn't always this way - it happened sometime around Joomla 3.6.