Qutzl Insights

Tutorial

Inventory your public websites before the next CVE

You cannot patch what you forgot existed. A quick method to find shadow WordPress and forgotten subdomains.

1 min readBy Michael NarehoodHosting

Advertisement

Emergency WordPress patches only help sites you remember.

1. Pull DNS and registrar lists

Export domains and note which point to websites vs email-only.

2. Check hosting and Microsoft 365 DNS

Old A records and forgotten Azure/static sites count.

3. Hit each site’s generator meta / login path

/wp-admin and generator tags still reveal a lot of WordPress estates.

4. Record version ownership

Who patches it: you, a developer, a host “care” plan, or nobody?

5. Schedule the review

Twice a year is enough for many SMBs, plus ad-hoc when a CMS CVE drops.

Need help building the inventory? Contact Qutzl.