New to the community? Start here

Hide technologies behind my site

0

It would be very good if Defender can hide the technologies what I’ve used for my site. Like CSM, plugins etc. I’m using Wappalyzer to check site technologies

Fri, 23 Aug 2019 12:33:40
  • Adam
    • Support Gorilla

    Hi Arthur De Frayssinet

    I hope you’re well today and thank you for your suggestion!

    Similar ideas were suggested already a few times and discussed with our developers but the point is that this actually doesn’t really add-up to the site security in any way. I do understand the point and there’s some reason behind hiding e.g that site’s powered by WordPress – because one can assume that knowing it’s WordPress and knowing what version of it (as well as knowing about e.g. theme and/or plugins used) makes it “easier” for attacker to find vulnerabilities.

    But that seems to be quite a common misunderstanding and in reality that doesn’t quite work this way :slight_smile:

    If it’s a targeted, “human powered” attack against your site, hiding WP won’t help much as attacker will find a way to find out about technology anyway or won’t even bother about it and will attack on e.g. server level (in which case it doesn’t matter much if it’s WP or not). And if it’s “bot powered” – most bots don’t really care about checking anything, instead it’s usually just a massive “blind” offensive that sooner or later just finds the “security breach” anyway – because hiding WP and its version (as well as hiding plugins’ / themes’ usage) doesn’t make vulnerabilities go away. If they are there, they’ll still be there.

    We’re focusing on adding more features and tools and improving existing ones that will actually secure sites more by identifying known vulnerabilities and blocking/fixing them if/where possible or at least reporting them, as well as helping maintain sites up to date and “vulnerabilities free”, keep away unauthorized/unwanted traffic and access and so on – I believe that’s the best course of action.

    However, what I wrote above is mostly the summary of what we’ve already discussed with our developers so far. If you believe I’m missing something here or there’s some flaw in that reasoning, I’ll be glad to get your feedback on this and pass it over to our Defender team so please let me know and don’t hesitate to point out if I missed something or you think I’m wrong on this one. I’ll be more than happy to share your insights on this with our developers so they would re-consider adding such options/tools to the plugin with one of future releases :slight_smile:

    Thank you again for sharing this suggestion!

    Best regards,

    Adam