jpfssi
Forum Replies Created
-
Could these errors occur due to site inactivity? I did read that scheduled WP Cron tasks could produce errors due to site inactivity. I do have other sites that have less traffic that also have cron tasks that give errors.
I did install the WP-Crontrol, however, I’m not sure what to look what to do with it as it is showing me which cron tasks are currently running, edit the task, check how often it runs and if I would like to create a new task to schedule.
It just seems a little inconsistent that the error is mostly showing up on the primary site (fssi-ca.com) and the other sites including the staging sites do not get similar errors and others don’t have it at all. In fact the staging site to fssi-ca.com has this specific cron error 3 times the entire month of April while the live site has gotten at least one on a daily basis. There is significantly less or almost zero traffic on the staging sites so I assume the WP cron would occur more often there.
I’ll take a look at the plugin however, I am now seeing this error on my other sites as well as all the staging sites including the fssi-ca.com one. The frequency at which they occur and the time of day all differ.
Got it. I went ahead and disabled the notices in the staging sites. Please let me know if there is a resolution to this issue in the future. This has been something we noticed for the last few months and have not found a proper solution.
I found the “Dismiss all notices” setting and that did remove the recommendation, but would that mean that any issues that come up will not show up in the site health status?
Yes, I just checked and unfortunately the recommendations are still coming up under the Tools > Site Health. It’s still the same 3 security headers. I checked one of our other websites with a similar main and staging setup and that too is still showing the same exact headers. I updated the plugin yesterday.
- This reply was modified 3 years ago by jpfssi.
I noticed that there was another update to the plugin and I went ahead and updated, however, there was still no resolution to the staging site issue. The same 3 security recommendations are still coming up:
Upgrade Insecure Requests
Permissions-Policy
HTTP Strict Transport SecurityThese security recommendations have been added to the htaccess file and are resolved in the live site (http://fssi-splash.com/) but still showing up in the staging site (http://fssi-splash.com/stage/).
I found that updating the plugin from last week has removed the settings I manually added within the #Begin Really Simple Security and #End Really Simple Security causing all the security header recommendations to get flagged. I added the manual settings in and now recommendations are good with the ‘main’ site. It took a few days for the recommendations to disappear but eventually it did on the ‘main’ site.
However, when it comes to the staging site, I’m still getting the same security header recommendations even though these same issues has been resolved on the ‘main’ site and both staging and main sites have the same security settings in place. Here are the recommendations for the staging site based off the RS SSL plugin:
- Upgrade Insecure Requests
- X-XSS protection
- Referrer-Policy
- Permissions-Policy
Is there another way to resolve these issues on the staging site (http://fssi-splash.com/stage/)?
Since there was an update this morning to the plugin, I went ahead and updated. I noticed the results of the main site has changed from when you did your scan to the current results. I assume it was due to the update this morning and that it will take some time to propagate the correct header settings again.
However, I haven’t made any updates to the headers before or after the plugin update earlier today. I did test the /stage site earlier (before the update) and got the same A+ result as the main site before the update. I did double check the header settings to see if the settings are still there and settings have not changed.
I will check again later to see if the results have changed again. I’ll come back here to see if the /stage site still has the same issue and if the main site is still showing a lower grade result.
Thank you for the quick response. I should have been more clear. Yes you are correct. However, the website in question is https://fssi-splash.com/stage. I did test the /stage site at the link you provided and that also shows that the headers are installed correctly.
I’ve had this issue for over a month already. The non-staging site took less than a week for the security header recommendations to go away but the /stage site recommendations are still there.