Navigation
This is archived content. Visit our new forum.

Tagged: 

  • Author
    Posts
  • #1223715
    ripla
    Participant

    Hi,

    One of the licensed recently got hacked. Apparently they found the way in via x-header.

    The plugin Securi reported the following:

    Security Header: X-XSS-Protection Missing
    We did not find the recommended security header for XSS Protection on your site.
    http://kb.sucuri.net/warnings/hardening/headers-x-xss-protection
    Security Header: X-Frame-Options
    We did not find the recommended security header for ClickJacking Protection on your site.
    http://kb.sucuri.net/warnings/hardening/headers-x-frame-clickjacking
    Security Header: X-Content-Type nosniff
    We did not find the recommended security header to prevent Content Type sniffing on your site.
    http://kb.sucuri.net/warnings/hardening/headers-x-content-type
    Server Banners Displayed
    Your site is displaying your Apache web server default banners.
    http://kb.sucuri.net/warnings/hardening/disable-server-banners

    Is there anything i need to do to combat this?

    Many Thanks

    #1224000
    Rupok
    Member

    Hi there,

    If you have higher risk of your site, you can use some security measurement to your site, usually with some plugins. There are some good plugins out there that will do the job. It’s not possible to add such thing on a theme as they are plugin territory functionality. Make sure you are using a good server because most of the hacks are easier if you are using shared host or potentially unsecured hosting service. Then you can use a plugin and set some security measurement.

    Thanks!

  • <script> jQuery(function($){ $("#no-reply-1223715 .bbp-template-notice, .bbp-no-topic .bbp-template-notice").removeClass('bbp-template-notice'); }); </script>