Information Disclosure

Hardening WordPress Security and Reduce Information Disclosure

WordPress installations are easy to be hacked if they disclose too much information, like version numbers. Hardening your installation can help to reduce this risk.

Summary of Hardening WordPress Security and Reduce Information Disclosure

For years, WordPress is used as a platform for blogging. Last years, more and more companies have even built their website in WordPress. Unfortunately, this also means it is more often targetted by scripts, searching for their next victim. The primary reasons for a WordPress hack, are often disclosed information and outdated software components. This is applicable to the WordPress version itself and modules, like the plugins. In this article, we have a look at dealing with unwanted information disclosure, and how we can reduce revealing too much.

Read the full article…

Hiding the nginx version number

Security professionals usually don't advise to use "security through obscurity". Still, it's wise to hide the nginx version number.

Summary of Hiding the nginx version number

If you care about security, making your system “lean” is one very good start. Remove all clutter, like unused packages. It is part of system hardening and considered a good practice. This also applies to leaking of version numbers, which can only be harmful. Yes.. it is security through obscurity. But why would you reveal specific details about your environment to attackers? In this article we have a look at the very popular Nginx web server daemon.

Read the full article…