• I did a security scan on my WordPress website through Acunetix and found the following vulnerabilities.

    1. WordPress XML-RPC authentication brute force
    2. Cookies with missing, inconsistent, or contradictory properties
    3. Cookies without HttpOnly flag set
    4. HTTP Strict Transport Security (HSTS) not implemented

    How can I fix the problems? Please help.

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    1. Install a plugin like Wordfence (or one of the other security plugins) to block brute force login attempts.

    2. That’s a bit vague.

    3. Which cookies?

    4. Contact your host. This is a server configuration thing.
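
For findings 1 and 4, an illustrative must-use plugin, added here as an example and not code from this thread, from Wordfence or from WordPress core. It assumes nothing on the site (Jetpack, the mobile app, remote publishing) needs XML-RPC, that the server is not behind a reverse proxy or CDN (so `REMOTE_ADDR` is the real client), and threshold values (5 failures per client in 15 minutes, a 300-second HSTS max-age) chosen for illustration; the `harden_*` names are mine. Everything else is core WordPress API (`xmlrpc_enabled`, `xmlrpc_methods`, `wp_login_failed`, `authenticate`, transients, `is_ssl()`).

```php
<?php
/**
 * Plugin Name: Scan-findings hardening (added example)
 * Description: Illustrative mu-plugin for findings 1 and 4 above. Not code from this
 * thread or from WordPress core. Save as wp-content/mu-plugins/scan-hardening.php.
 */

// --- 1. XML-RPC brute force -------------------------------------------------------
// Assumption: nothing on this site needs XML-RPC. If something does, keep it enabled
// and rely on the login throttle further down, which covers XML-RPC logins as well.
add_filter( 'xmlrpc_enabled', '__return_false' );

// system.multicall lets one request test hundreds of passwords, so remove it even if
// XML-RPC is switched back on later for some integration.
add_filter( 'xmlrpc_methods', function ( $methods ) {
	unset( $methods['system.multicall'] );
	return $methods;
} );

// --- Login throttling (wp-login.php and XML-RPC both go through wp_authenticate) ----
// Thresholds are an assumption: 5 failures from one client address in 15 minutes.
const HARDEN_MAX_FAILURES = 5;
const HARDEN_WINDOW       = 15 * MINUTE_IN_SECONDS;

/**
 * Transient key for the calling client. Assumes no reverse proxy or CDN in front of
 * the site; behind one, REMOTE_ADDR is the proxy, and the client address must come
 * from the header that proxy sets, trusted only when the request really is from it.
 */
function harden_client_key() {
	$ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
	return 'harden_fail_' . md5( $ip );
}

// Count each failed login against the client; the window restarts on every failure.
add_action( 'wp_login_failed', function () {
	$key = harden_client_key();
	set_transient( $key, (int) get_transient( $key ) + 1, HARDEN_WINDOW );
} );

// Refuse further password attempts once the threshold is reached. Priority 30 runs
// after core's username/password and e-mail checks; passing empty usernames through
// leaves cookie-based authentication untouched.
add_filter( 'authenticate', function ( $user, $username, $password ) {
	if ( '' === $username ) {
		return $user;
	}
	if ( (int) get_transient( harden_client_key() ) >= HARDEN_MAX_FAILURES ) {
		return new WP_Error(
			'harden_locked',
			'Too many failed logins from this address. Try again later.'
		);
	}
	return $user;
}, 30, 3 );

// --- 4. HSTS ------------------------------------------------------------------------
// The host's web server configuration is the right place for this header; the
// application-level version below is a stand-in. Browsers ignore
// Strict-Transport-Security unless it arrives over HTTPS, and once remembered it makes
// anything still served over plain HTTP unreachable for max-age seconds, so start small.
add_action( 'init', function () {
	if ( is_ssl() && ! headers_sent() ) {
		header( 'Strict-Transport-Security: max-age=300' ); // raise to 31536000 once everything is HTTPS
	}
}, 1 );
```

The throttle keys on client address only, so a distributed attack spread across many addresses still gets five tries each; a plugin such as Wordfence adds per-username limits and known-bad-IP lists on top of this. Findings 2 and 3 need no code: the `wordpress_test_cookie` carries no secret, and core's real session cookies (`wordpress_sec_*`, `wordpress_logged_in_*`) are already set with `HttpOnly`.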

    Thread Starter Soma Basu

    (@9748076617-1)

    1. Cookies with missing, inconsistent or contradictory properties (verified)
    Details:

    List of cookies with missing, inconsistent or contradictory properties: https://imerit.net/wp-login.php
    Cookie was set via:
    Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/; secure

    This cookie has the following issues:
    – Cookie without SameSite attribute. When cookies lack the SameSite attribute, Web browsers may apply

    2. Cookies without HttpOnly flag set (verified)
    Details:

    Cookies without HttpOnly flag set: https://imerit.net/wp-login.php
    Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/; secure

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    The test cookie is sent just to make sure that cookies can be set, so there’s no issue there.

  • The topic ‘Website vulnerabilities’ is closed to new replies.