ethicalhack3r
Forum Replies Created
-
Forum: Reviews
In reply to: [WPScan - WordPress Security Scanner] Security check XML-RPC EnabledHi,
You can simply ignore the vulnerability so that it won’t be reported.
See screenshot here: https://ibb.co/L8v7nn3
A one star review really hurts our plugin 🙁
I think it is very unfair for simply not being able to disable a security check.
Thanks,
RyanHi,
Thank you for your patience.
This should be fixed in version 1.15 released just now.
Let me know if you have any further issues or any other feedback.
Thanks again,
RyanForum: Reviews
In reply to: [WPScan - WordPress Security Scanner] Security check XML-RPC EnabledApologies for the late response, please see: https://blog.wpscan.com/2021/01/25/wordpress-xmlrpc-security.html
Hi!
Thank you for letting us know.
We have opened an issue internally and will investigate.
I’ll let you know once we release a new version with the fix.
Thanks,
RyanHi Libla,
Thank you for the feature request.
I have opened a ticket internally for the feature and I will update this thread once implemented.
Thanks again,
RyanForum: Plugins
In reply to: [WPScan - WordPress Security Scanner] HTTPS/ SSL warning messageI was unable to reproduce the “Undefined index: HTTP_HOST” error locally, but have made a change and released version 1.14.3, which I think should fix the issue. Please let me know if it does not.
Forum: Plugins
In reply to: [WPScan - WordPress Security Scanner] Automated scanning not workingThis should be fixed in version 1.14.2 🙂
Forum: Plugins
In reply to: [WPScan - WordPress Security Scanner] HTTPS/ SSL warning messageThis should be fixed in version 1.14.2.
Thank you for your help.
Forum: Plugins
In reply to: [WPScan - WordPress Security Scanner] HTTPS/ SSL warning messageI have setup a test environment on SiteGround, with HTTPS and Cloudflare.
I’m just waiting for a domain name to transfer over to SiteGround before I can enable HTTPS on the site to test it.
Once this is done, I can properly test how the plugin behaves when using HTTPS and Cloudflare and fix the issue.
I just thought I’d update you as the domain transfer might take a day or two.
For now, you can ignore the warning in the “Ignore vulnerabilities” metabox, on the right hand side of the report page.
Forum: Plugins
In reply to: [WPScan - WordPress Security Scanner] HTTPS/ SSL warning messageThanks for the info @webbernaut!
I’ll look into this today and release a new version with a fix.
Forum: Plugins
In reply to: [WPScan - WordPress Security Scanner] Automated scanning not workingThanks for letting us know Erik, we’ll get that fixed today.
Forum: Plugins
In reply to: [WPScan - WordPress Security Scanner] HTTPS/ SSL warning messageHi Sally,
Thank you for letting us know.
Just to confirm, when you installed the plugin it was showing that there was no https, then when you ran a scan, it correctly showed that there was?
Thanks again,
RyanThank you 🙂
We have just released version 1.14.1 which should fix your issue.
Let us know if you have any further issues.
Ah, the weak password check actually works like a brute force attack under the hood. We didn’t think that it would trigger any brute force protection mechanisms from third-party plugins.
We’ll have a look into it, and hopefully have a fix sometime later tonight.
Sorry for the inconvenience!
Thanks for the report!
Can you confirm how many users you have please?
We check the passwords of the following users roles:
administrator, editor, author, contributor