10

I have a Magento store and I want to hide it from cms detectors. I mean I don't want anyone to know my website CMS and that my website is built on Magento.

There are some websites like http://guess.scritch.org/ which are detecting CMS and I want to hide my website CMS from their observation.

There are some ways to hide WordPress websites CMS but I couldn't find anything for Magento

Evince Development
  • 985
  • 7
  • 20
Moh3n
  • 859
  • 4
  • 15
  • 37
  • Unless you try to mask these (plus more) "Top 5 Clues A Store Is Running Magento" http://magebase.com/magento-tutorials/top-5-clues-a-store-is-running-magento/ – MagePal Extensions Jan 04 '15 at 17:03
  • magento already gave you an option to change your admin path and disable/rewrite downloader, what else you need to hide??? using rewrites and html source replacement you can do whatever you want. –  Jan 04 '15 at 17:49
  • 1
    btw wordpress is the same story, you hide mostly admin and rewrite some login paths. remember, hackers dont care what CMS you have. –  Jan 04 '15 at 17:52
  • 2
    Complete rewrite of how Magento functions. There are so many tells that it's impossible otherwise. – Fiasco Labs Jan 04 '15 at 18:50
  • See also: http://magento.stackexchange.com/questions/104889/protect-a-site-from-wappalyzer/104894#104894 – Fabian Schmengler Mar 23 '16 at 11:33

2 Answers2

8

First you need to know, how your website is identifiable as magento, as there are a big number of possible proves.

  • basic html structure
  • magento specifiv css
  • special js code on product views (assuming you already obfuscate the js files)
  • some routes special for magento
  • headers and html head
  • some file locations usually accessible (licence file, skin path, /js path)
  • API endpoints

In the end the better question is, how much work do you want to invest, and if it is worth the work.
In case of security, there are enough blind attack bots out there, which trys magento attacks on your website, even if it is not recognizable as magento

Flyingmana
  • 6,127
  • 3
  • 27
  • 64
  • I feel that it adequately answers the question. Different sites/services use different detection methods. You have to understand how the detector in question pins Magento in order to side-step possible detection. That means - and is not limited to - obfuscating the 7 points listed by Flyingmama. – sparecycle Jan 05 '15 at 20:00
0

Best answer here should be decoupling. Decouple Magento, use React or Vue as frontend, and just communicate with Magento backend via their API.

jehzlau
  • 437
  • 1
  • 5
  • 20