There is an extremely high chance that this article is stoking the paranoia. It’s correct but only in the strictest of senses. In practicality it’s just a fancy name for “when you leak things that aren’t meant to be public, people who saw it might tell you if you ask them”, but specifically Google.
Google dorking is just a fancy name for “searching the google bot cache”. It cannot reveal data that has never been made publicly available on your site, and it is not a secret backdoor to uncover previously unavailable secrets.
can anyone explain how can we secure any wordpress based website from google dorking?
Don’t expose confidential information, and when it is exposed notify those affected as you’re required to be law/regulations. Invalidate change or revoke anything that does get leaked. This is no different for things in google cache or just if there’s a security breach on your site.
the wordpress website enables REST api like any other websites and it shows a JSON file
No JSON files are involved in the REST API, just like there is no file for each blog post.
always now the point is how can we secure website from google Dorking from exposing personal information eg. pdf files
Google dorking can only expose information that has already been exposed. If that data is exposed then it is already too late. Otherwise you need to ask in a Google community how to remove search results.
and db password or wp-config.php file information etc.
This would only happen if you had suffered a massive security breach. If this happened you would need to change all your database details immediatley and reset all passwords. You can’t just hide secrets, once they are out it is too late and they must be changed.
If at any point your wp-config.php is being served as a text file and not a PHP file then you have suffered a major security breach and must notify your host, invalidate the database details, fix the problem, then apply new details once it is re-secured. It is not possible to get the contents of wp-config.php via google dorking unless you have suffered this kind of breach.
is there any specific official wordpress patchset available for this?
No, and asking for one doesn’t make sense because there is no vulnerability to fix. Short of just blocking Google and disappearing from search results.
Google Dorking is not a way to exploit code to reveal secrets, it’s just a fancy name for browsing cached data from Google. It’s like asking if there is a patch for WordPress that fixes the way back machine