Title: Security Scan Last modified: November 29, 2022 --- # Security Scan * Resolved [jonj1611](https://wordpress.org/support/users/jonj1611/) * (@jonj1611) * [3 years, 6 months ago](https://wordpress.org/support/topic/security-scan/) * Not sure how accurate is but says my site security is poor but it really isn’t. * And strangely says it can read **The readme.html file is still accessible**. * Which is incredibly odd as that was deleted when wordpress was installed some months ago * **Site assets contain traceable data **: * ``` Found - Divi. Add replacements for divi Found - Elementor. Add replacements for elementor Found - WooCommerce. Add replacements for woocommerce ``` * I don’t use any of them and never have done * **The XML-RPC module has not been customised.** The xml-rpc is blocked by wordfence * **Dangerours Files** – Ok trivial but dangerous is spelt wrong 🙂 * **Firewall** – * ``` Found - Failed to block requests using malicious header calls. Found - Failed to block requests using malicious set-cookie calls. Found - Failed to block requests using malicious MySQL code. Found - Failed to block requests using malicious globals calls. Found - Failed to block requests using malicious request calls. ``` * I use Wordfence, Imunify360 and cloudfare. Maybe if these things are getting through which I find hard to believe you should state exactly what is getting through and what requests are being made as it doesn’t make any sense. Viewing 1 replies (of 1 total) * Plugin Contributor [Maya](https://wordpress.org/support/users/tdgu/) * (@tdgu) * [3 years, 6 months ago](https://wordpress.org/support/topic/security-scan/#post-16246064) * Hi, Thanks for your message. This is a new functionality introduced in the last plugin version, so definitely, it can be improved. So your suggestions and feedback are greatly appreciated. * Generally, the Scan rely on many tests that consist of general security checks( server, PHP, WordPress, Hide plugins/themes within etc ). Each task has its security points. Based on the number of points, an overall result is created. * For some of the tasks ( like readme.html ), check if the plugin blocks the file rather than checking on the server. That improves the overall scan speed, but turns out can be a false positive. We will extend that in the next plugin version and check for the file instead. * The Replacements task, actually checks for traces on your site HTML. This is achieved through regex patterns. So definitely you have something on your site, if found Divi, you have a `divi-` or `-divi` trace somewhere. The same for Elementor and WooCommerce. * Some of the WordPress services like XML-RPC, when called internally, the response may not be relevant. As possible that will not be caught by a firewall. So it suggests changing the default service URL, which will be safer. We will try to find a better approach to improve that task. * The firewall task is calling through a wp_remote_get the site URL, along with some basic known as malicious data. They are always caught by the [7G Firewall](https://perishablepress.com/7g-firewall/) which our pro plugin version use. So i think others should do the same, we will check it further why they may fail. * Thanks Viewing 1 replies (of 1 total) The topic ‘Security Scan’ is closed to new replies. * ![](https://ps.w.org/wp-hide-security-enhancer/assets/icon-256x256.png?rev=2937681) * [WP Hide & Security Enhancer](https://wordpress.org/plugins/wp-hide-security-enhancer/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-hide-security-enhancer/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-hide-security-enhancer/) * [Active Topics](https://wordpress.org/support/plugin/wp-hide-security-enhancer/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-hide-security-enhancer/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-hide-security-enhancer/reviews/) * 1 reply * 2 participants * Last reply from: [Maya](https://wordpress.org/support/users/tdgu/) * Last activity: [3 years, 6 months ago](https://wordpress.org/support/topic/security-scan/#post-16246064) * Status: resolved