REQUEST: block sites scanning for used plugins

  • Resolved hexaae

    (@hexaae)


    3 years, 6 months ago

    You know, there are many online services today able to scan WP sites and detect installed plugins.
    Wondering if WP Cerber could do something to prevent this as a further hardening measure, maybe with next versions…

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author gioni

    (@gioni)

    Hi!

    Unfortunately, it’s not possible. The plugins and themes are detected by analyzing static assets such as CSS, JS, and readme files bundled with plugins and themes. The detection is possible due to the nature of the WordPress file structure. All those files are publicly accessible. They are handled by front-end servers, and so WordPress plugins, including WP Cerber, do not handle them since they are running on the back-end servers. The only weak workaround is using a good minification plugin and blocking access to the mentioned above static files in the front-end server configuration file, which is possible on a VPS or a dedicated server only.

    Thread Starter hexaae

    (@hexaae)

    Ok, thanks for fast reply.
    There are also plugins like ‘WP Hide & Security Enhancer [Nsp Code]’ to randomize theme, plugins path names…
    Are you aware of possible conflicts with WP Cerber?

    • This reply was modified 3 years, 6 months ago by hexaae.
    Plugin Author gioni

    (@gioni)

    I do not see a value in hiding anything. It’s a naive approach and makes no sense from a security standpoint. Do not use WP Cerber along with any hiding plugin. You definitely get conflicts.

    Thread Starter hexaae

    (@hexaae)

    Yep, I’ve read the critics to the “security through obscurity” applied to the WP env causing many potential issues, and I’m actually still hesitant… Thanks for your reply and your great WP Cerber plugin! ??

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘REQUEST: block sites scanning for used plugins’ is closed to new replies.

Tags