只需使用WordPress启动并运行我的第一个网站。使用Wappalyzer和WPScan等工具。许多WebSite正在被曝光。我已经使用了隐藏我的wp插件。但仍然从WPscan收到此信息
| [!] 3 vulnerabilities identified:
|
| [!] Title: PWA for WP <= 1.0.8 - XSS
| Fixed in: 1.0.9
| References:
| - https://wpscan.com/vulnerability/f737a5c7-6c40-4a75-9145-045cc707cdc0
| - https://plugins.trac.wordpress.org/changeset?reponame=&new=2057552%40pwa-for-wp&old=2041924%40pwa-for-wp
|
| [!] Title: PWA for WP & AMP < 1.7.33 - Authenticated (Subscriber+) Arbitrary File Upload
| Fixed in: 1.7.33
| References:
| - https://wpscan.com/vulnerability/db9d5a08-a16a-4767-8d85-1b3e02dbbfbd
| - https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/
|
| [!] Title: PWA for WP & AMP < 1.7.33 - Authenticated (Subscriber+) Settings Change
| Fixed in: 1.7.33
| References:
| - https://wpscan.com/vulnerability/b38a51d7-375e-4cca-88ba-ccab796ac134
| - https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/
来自Wappalyzer。别误会我的意思。我不介意让人们知道我使用WordPress来构建我的网站。但我想尽可能隐藏所有其他信息,因为我觉得那些黑客知道的信息越多,我的网站的安全性就越低。
那么,我们应该担心这些信息被泄露吗?有什么改进的方法吗?使用wordpress时可以隐藏多少信息?