Incorrect Warnings for Active Security Features

  • Resolved bulls_shark

    (@bulls_shark)


    1 month ago

    Hello Support Team,

    I am using the “Protect your login form with Limit Login Attempts” option through SolidSecurity. However, a warning still appears under “Site Health,” directing me to your Pro version. The same issue occurs with the security headers we have configured server-side (Plesk “Additional Headers”)—a warning is displayed even though the headers are correctly implemented.

    Could you please check if these features can be recognized properly and marked as active to prevent unnecessary warnings?

    I greatly appreciate your plugin, especially for the SSL redirection (301), the Mixed Content Fixer, and the backend mixed content correction tool.

    Thank you for your support!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support jarnovos

    (@jarnovos)

    Hi @bulls_shark,

    You can deactivate these notices by enabling the “Dismiss all notices” slider under Security -> Settings -> General in the plugin.

    We will expand the detection for LLA to include Solid Security as well, to avoid showing this notice if it’s enabled in that plugin.

    Though with regards to the Security Headers notice; it seems likely that it is in fact correct, so, that not all of the Recommended Security Headers are currently being set on your site yet. You can test the site with a tool like SecurityHeaders.com, to see which ones are still missing from your configuration.

    Kind regards, Jarno

    Thread Starter bulls_shark

    (@bulls_shark)

    Hello Jarno, thank you for the feedback and the quick support.

    Since we set the header via plesk (additional headers), it is also recognized well in your linked one and has received top marks.

    I assume your plugin can’t query this option via Plesk, can it?

    Best regards and thank you very much

    Plugin Support jarnovos

    (@jarnovos)

    Hi @bulls_shark,

    The plugin detects the headers with a CURL test, therefore it can also detect headers that are set ‘outside’ of the plugin itself.

    In any case, the important part here is that the headers on your site are detected by test tools like SecurityHeaders.com, confirming that they are in fact present.

    Kind regards, Jarno

    Thread Starter bulls_shark

    (@bulls_shark)

    Hello, thank you very much for the great support

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.