Is it possible to make itless obvious mysite is using elgg?
By hunteeer
I have some experience with wordpress and there are plugins to get rid of all "wordpress" "wp" and stuff like that in the page's final source output. Ithink like this: If it's less obvious I use a certain paltform, it'll take a potential hacker/invader at least a bit longer to exploit the platform's weaknesses. Is there a mod for elgg providing this? If I have to make myown views for each and every mod and core feature I use, well, I will have to doit, but how do I change the compressed css and js files' names from "elgg.*" to something else?
- iionly@iionly
iionly - 0 likes
You must log in to post replies.I don't think it's worth the effort. And it's likely a lot of effort necessary to successfully hide usage of Elgg sufficiently. And even if it's less apparent that Elgg is used, it would help as an attack would most likely not be directed against Elgg usage in the first place specifically but rather aim undirectedly against any possible framework installed. If the attack would be successful, it wouldn't matter if the framework in use would be camouflaged because the sucess of the attack would reveal it anyway.
And putting effort into hiding which framework is used would require constant work every time you update your site to take into account any changes in code of the new version. And you would want to use the latest version as soon as possible as they might fix some security issue that you are so afraid of.