Hide information about the CMS version, modules and what files can be deleted in the site folder

13.10.18 IT / Safety 3515

Site security is currently one of the most important areas that requires serious attention. According to the data, hacking sites by various persons - hackers, intruders and simple users. Many of the hacks from this list were committed due to non-compliance with basic site security rules.

To hack a site, you need to find some vulnerability in it. However, in order to quickly find a site security hole , you need to be aware of the vulnerability. Otherwise, the search for such a vulnerability would have taken quite a long time, if it had been found at all, in which case the attacker would forget about your site and go to look for other sites to hack.

First of all, hackers are looking for information about what software is used:

• which engine (CMS) is used and its version,
• which modules (plugins) are installed and their versions;
• list of used themes and their versions;
• availability of third-party libraries and their versions (jQuery, PHPMailer, etc.).

Having learned this data, you can quickly find information on the Internet on how to hack a site with a specific system and version. After all, new vulnerabilities of modules, themes and the engine of any system itself are periodically searched for, be it: Drupal , Wordpress, Joomla and others.

That is why it is so important to hide information about the version of CMS, modules and themes . Critical data can be displayed in different places:

• information about the CMS and its version on the site itself - labels, icons, images, etc. (for example, "powered by ...");
• the source code of the main and nested pages - the "generator" meta tag, version data in the include files ("? ver = 1.0"), etc.;
• source code of service pages - login pages, registration pages, etc .;
• files with help information in the root of the site and other folders that are accessible from the browser, etc.

To hide or delete this data, you can use the help of an IT specialist. Or, as a last resort, try to fix this situation yourself. For this, there are special modules that hide version information, but they do not completely do the job - the data may remain in some places. Therefore, it is necessary to search for such data manually and remove it from the code without affecting the functionality of the system.

Another important procedure is the removal of unused information files. What files can I delete in the site folder ? As a rule, any CMS comes with various auxiliary files that are informational in nature. Such files are usually available directly in the browser, this information greatly simplifies the hacking of the site. Most of these files are stored in the root of the site. Names can be either uppercase or lowercase, and they can have all sorts of similar names in other languages. An approximate list of files in the site folder that can be deleted (generalized for different CMS):

• readme.txt or readme.html,
• license.txt,
• changelog.txt,
• maintainers.txt,
• upgrade.txt,
• install.txt,
• copyright.txt.

These files can be painlessly deleted, however, when updating, they may appear again - therefore, after updates, do not forget to repeat the procedure for deleting such files.

Thus, the article discussed why it is important to hide information about the CMS version, modules and themes, as well as which files can be deleted in the site folder and in its subfolders. It is better to entrust this work to a trained specialist . All this will significantly increase the security of your site and prevent potential loss of profits, loss of important data and customers, and possible sanctions by various authorities.