Skip to content

MorrowShore/fuckalyzer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
fuckalyzer.php
fuckalyzer.php
 
 

Repository files navigation

NOW OPTIMIZED!

image Fuckalyzer 🖕

The WordPress plugin that fucks over Wappalyzer

image

License WordPress Amount of Trolling Wappalyzer Status

The Problem

You're security-conscious. You don't want nosy competitors, script kiddies, or that one guy from marketing running Wappalyzer on your site and going "oh interesting, they're running WordPress 6.4 with Elementor and WooCommerce, let me just check the CVE database real quick..."

Or maybe you just think it's none of their fucking business what your tech stack is.

You may have already tried Wordpress plugins before that aim to hide your stack, but they all do weird things like changing and redirecting your links, which bugs out media and functions

But you know... to not be seen by someone, you don't necessarily need to hide yourself... you could also just blind them.

The Solution

Fuckalyzer. It doesn't hide your tech stack, it just makes technology detection tools see literally everything in existence.

"Is this site running React or Vue?"
"Yes."
"...which one?"
"Also Angular. And Nuxt. And Next.js. And Drupal. And Laravel. And also ASP.NET."
"That's not possible."
"And Flutter. At the same time."

Smart Detection?!

Fuckalyzer only begins working if it detects the user running, Wappalyzer, BuiltWith, or other technology profilers.

Only then does it activate. Your regular visitors see nothing unusual. But snoopers? They get flashbanged.

Some of the features:

  • Zero impact on page load for normal visitors
  • Spoofing only activates when profilers are detected
  • All fake elements are hidden from actual users
  • Headers and cookies blend seamlessly

How to install:

  1. Download fuckalyzer.php
  2. Drop it in /wp-content/plugins/
  3. Activate in WordPress admin
  4. There is no step 4. You're done. Go grab a coffee.

Detection Methods:

1. Resource Probing

// Try to load Wappalyzer's internal files
chrome-extension://gppongmhjkpfnbhagpmjfkannfbllamg/js/inject.js

If it loads, gotcha.

2. DOM Snooping Looks for injected <script> tags with Wappalyzer signatures.

3. Message Interception Listens for the postMessage events these extensions use.

How We Spoof:

  • Meta tags: Fake generators for WordPress, Drupal, Elementor, Divi, etc.
  • HTTP Headers: Fake Vercel, Cloudflare, ASP.NET, Python server headers
  • Cookies: Fake session cookies for Laravel, Symfony, Java, ASP.NET
  • JavaScript globals: Fake window.React, window.Vue, window.angular, etc.
  • DOM elements: Hidden elements that trigger CSS/DOM-based detection
  • CSS variables: shadcn/ui, Tailwind signatures
  • Link prefetches: Fake script sources that match regex patterns

Credits:

Detection fingerprints based on wappalyzer itself at: projectdiscovery/wappalyzergo

Made with 🖕 for privacy enthusiasts and chaos agents everywhere

Hide your stack. Confuse your enemies. Trust no profiler.

About

Wordpress plugin to fuck over Wappalyzer with false detections.

morrowshore.com

Topics

plugin wordpress wordpress-plugin wp-plugin wappalyzer wappalyzer-cli

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages