26 Feb 2022
I am running my customer's website on HTTPS with proper SSL installation, it has more than 7000 clients. Also, I have enabled some REST APIs to the website, in response to the endpoints - it shows the JSON body of the response. I want to know the way about how do I secure a website from exposing personal information obtained in the JSON body. (Because it may have word documents, text files with sensitive information, pdf files, or some encrypted password files too.)
I am worried about way back machine archives and google Dorking.
Can someone get my information from the wp-config.php file?
Can Google Dorking expose my code? Any idea?
6 Mar 2022
After exploring more about Google dorking, Here are my findings.
Google Dorking (GD) is not made to expose anything private from your application/website. It is saying “Google looked in the google cache”, it shows only publicly accessible items only from your website to your reader who has required low/light internet connection. GD is not a way to exploit code to reveal secrets. To avoid such thing, you can check the checkbox saying, “discourage search engines to not index your articles…”
About your "wp-config.php"` is part of Wordpress and which cannot be accessible publically by any bots or any search engines or wayback machine. So don't worry it is safe until your access is not hacked or someone crack your website. WP-VCD Malware was the one, which destroyed millions of website, and put all website down at a time. You can visit here to read more about my WP_VCD attack analysis and solution.
Remember: Google dorking can only expose information that has already been exposed.