Security

CMS detector

See the CMS and server software a site gives away.

Free, no sign-up Runs on demand, nothing stored

Sample result
brightleaf.co.uk
Exposed software
Software exposed
Generator WordPress 6.5.2
Server nginx
X-Powered-By PHP/8.2.10

Your result

What this checks

What the site gives away

Many sites announce the software that runs them, through a generator meta tag in the HTML and through response headers like Server and X-Powered-By.

This tool reads the homepage and reports the CMS, generator and server software it finds exposed, along with version numbers where they are published.

Why it matters

A version number is a target

A published version number tells an attacker exactly which known vulnerabilities to try, so exposing it is a small but real risk that is easy to remove.

For an agency taking over a site, the exposed software is also a fast way to learn what a client is actually running before you quote the work.

How to fix it

Stop advertising your stack

1

Remove the generator tag

Most platforms can drop the generator meta tag, or a plugin or theme setting will hide it.

2

Trim the headers

Strip or shorten the Server and X-Powered-By headers at the web server or CDN so they do not name a version.

3

Keep software current

Hiding the version helps, but the real fix is staying patched so a known version is not worth attacking.

One of around two dozen checks

CMS detector is one check

Janitor watches exposed CMS and server software automatically across every client site and puts it in a branded report you can send.

Keep reading

Related tools and guides

FAQ

CMS detector FAQ

Why can the tool not always detect the CMS?

A well-configured site removes the generator tag and trims its headers, so nothing is exposed to read. No detection here is a good sign, not a failure.

Is exposing the CMS actually dangerous?

On its own it is low risk, but it makes a site easier to target. Removing the version is a quick, sensible hardening step.

Can Janitor watch this across many sites?

Yes. Janitor flags exposed CMS and server fingerprints on every client site, so a theme or host change that starts leaking a version is caught.

Get started

Check it once, or watch it for every client

Janitor runs around two dozen checks on every site you manage and turns them into a branded report.

30-day free trial. No credit card required.