Information Disclosure

Hardening WordPress Security and Reduce Information Disclosure

WordPress installations are easy to hack if they disclose too much information, like version numbers. Let's do some hardening!

Summary

For years, WordPress has been used as a platform for blogging. In recent years, more and more companies have even built their websites in WordPress. Unfortunately, this also means it is more often targeted by scripts searching for their next victim. The primary reasons for a WordPress hack are often disclosed information and outdated software components. This applies to the WordPress version itself and to modules, like plugins. In this article, we have a look at dealing with unwanted information disclosure and how we can reduce what is revealed.

Hiding the nginx version number

Security professionals usually don't advise using security through obscurity. Still, it's wise to hide the nginx version number.

Summary

If you care about security, making your system “lean” is a very good start. Remove all clutter, like unused packages. It is part of system hardening and considered a good practice. This also applies to the leaking of version numbers, which can only be harmful. Yes, it is security through obscurity. But why would you reveal specific details about your environment to attackers? In this article, we have a look at the very popular nginx web server daemon.