From cb3617463c1798ecc86fd70b5b68501d90f17c76 Mon Sep 17 00:00:00 2001 From: Mikula Beutl Date: Sun, 16 Feb 2025 12:15:44 +0100 Subject: [PATCH] Update securing-modx.md Adding a block for Extensions tracking website data --- en/getting-started/maintenance/securing-modx.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/en/getting-started/maintenance/securing-modx.md b/en/getting-started/maintenance/securing-modx.md index c6c4c3bf..8800505b 100644 --- a/en/getting-started/maintenance/securing-modx.md +++ b/en/getting-started/maintenance/securing-modx.md @@ -168,6 +168,10 @@ Again, this could potentially live on another domain (e.g. one optimized to serv You can mask your Manager login page so it’s not obvious that your site is powered by MODX. See the page on [Manager Templates](building-sites/client-proofing/custom-manager-themes) for more information. +### Browser Extensions Collecting Information + +When users log into the MODX Manager using Chrome or Firefox, they may have browser extensions like [BuiltWith](https://trends.builtwith.com/framework/MODX) or [Wappalyzer](https://www.wappalyzer.com/websites/modx/) installed. These extensions track website visits, analyze browsing behavior, and compare detected patterns like the default `` tag *Dashboard | MODX Revolution* against their databases to categorize sites. To reduce exposure, customize these and other identifiable elements to make it more difficult for extensions to detect MODX. + ### Change the Default Database Prefixes This is best done when you first install MODX, but it’s always a good habit to avoid the defaults and choose a custom database prefix for your tables instead of the default `modx_` prefix. If a hacker is somehow able to issue arbitrary SQL commands via a SQL injection attack, using custom table prefixes will make the attack a bit more difficult.