Hide that my application is using the elgg framework for security pourposes

Hi I have just completed building my application using the elgg framework. One of the ways to improve security is to hide the components that are used to build an application. When I run my application on this website (http://guess.scritch.org/) it shows that my application is built using elgg. How can I make the framework invisible to those who might want to find out with malicious intent. 

  • theoretically you could run a search / replace for 'elgg' and 'elgg-' and 'elgg_' on the whole project and replace with nothing/null. probably you would need to do that in the database as well.

    then also remove the version code and other fields from the page header. also using the pagehandler_hijack plugin to change the default page addresses would be useful.

    if you do this, be sure to test it out on a blank installation of elgg first!

  • Even then you'd be hard pressed to fully hide it all, it's not worth the effort.  There's no security risk as long as you keep your site up to date with latest releases anyway.

  • Making Elgg detectable is good for the Elgg project since we can get stats from services like builtwith.com.

    Trying to hide your use of Elgg is "security through obscurity" and does not provide enough value for effort. Better to just focus on keeping your Elgg code up to date and report security bugs to security at elgg dot org if you find them.

  • i asked about this ages ago, as people have said here it is not worthit as you will surely use something that will give it away as a elgg site it would need you to recode elgg itself if you do this please let me know ^_^

  • Thanks everyone. I think I will keep things the way they are.