Check of the CMS version
|Check||Content Management System (CMS) identifiable|
|Description||The content management system (CMS) in use can be identified. An attacker could use this information to search specifically for security flaws in this particular CMS.|
|Background||A content management system (CMS) is software that allows a team of authors to collectively create, edit and manage content, mainly on websites, but also for other media types. If an attacker can find out which CMS version is being used, he or she can search for security flaws more effectively.|
|Consequence||It is possible to read the version of the content management system (CMS) from the outside. If the CMS is not up to date, criminals can exploit various security flaws to compromise the system and to store malicious code.|
|Solution/Tips||Always make sure that installed web servers and the content management system (CMS) are up to date. Some CMSs allow you to hide the version information. Use this feature if it is available. The WordPress plug-in "Hide My WP (German only)" may be of interest to you.
Further example for WordPress: In order to prevent attackers or hackers from reading the WordPress version directly, you can add the following line of code at the very end of the file functions.php:
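An added example, not the original page's code: lines for the end of a theme's functions.php that remove the WordPress version from the page head, from feeds, and from the URLs of core stylesheets and scripts. The function name `example_strip_core_version` is hypothetical; the hooks and helper functions are standard WordPress ones.

```php
// Added example; goes at the end of the theme's functions.php,
// which is already in PHP mode, so no opening <?php tag is needed.

// 1. Remove <meta name="generator" content="WordPress x.y.z"> from <head>.
remove_action('wp_head', 'wp_generator');

// 2. Return an empty generator string in every other context (RSS, Atom, ...).
add_filter('the_generator', '__return_empty_string');

// 3. Core assets are enqueued as ...?ver=<core version>. Strip the parameter
//    only when it equals the core version, so that the cache-busting versions
//    set by plugins and themes keep working.
function example_strip_core_version($src) {
    if (!is_string($src) || strpos($src, 'ver=') === false) {
        return $src; // nothing to do
    }
    $query = wp_parse_url($src, PHP_URL_QUERY);
    if (!$query) {
        return $src;
    }
    parse_str($query, $args);
    if (isset($args['ver']) && $args['ver'] === get_bloginfo('version')) {
        $src = remove_query_arg('ver', $src);
    }
    return $src;
}
add_filter('style_loader_src', 'example_strip_core_version', 9999);
add_filter('script_loader_src', 'example_strip_core_version', 9999);
```

Hiding the version only makes identification harder; keeping the CMS up to date remains the actual fix.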