Just have my fist website up and running with WordPress.
Using the tool like Wappalyzer and WPScan. A lot of webite is being exposed.
I already use hide my wp plugin(s). but still received this information from WPscan
| [!] 3 vulnerabilities identified:
|
| [!] Title: PWA for WP <= 1.0.8 - XSS
| Fixed in: 1.0.9
| References:
| - https://wpscan.com/vulnerability/f737a5c7-6c40-4a75-9145-045cc707cdc0
| - https://plugins.trac.wordpress.org/changeset?reponame=&new=2057552%40pwa-for-wp&old=2041924%40pwa-for-wp
|
| [!] Title: PWA for WP & AMP < 1.7.33 - Authenticated (Subscriber+) Arbitrary File Upload
| Fixed in: 1.7.33
| References:
| - https://wpscan.com/vulnerability/db9d5a08-a16a-4767-8d85-1b3e02dbbfbd
| - https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/
|
| [!] Title: PWA for WP & AMP < 1.7.33 - Authenticated (Subscriber+) Settings Change
| Fixed in: 1.7.33
| References:
| - https://wpscan.com/vulnerability/b38a51d7-375e-4cca-88ba-ccab796ac134
| - https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/
and
from Wappalyzer.
Don’t get me wrong. I don’t mind letting people know that I use WordPress to build my site. but I would like to hide all the other information as much as possible since I feel like the more information those hackers know, the less security my site is.
So should we worry about these information being exposed ? any methods to improve it?
how much information can we hide when using wordpress?