Fix security flaws in wordpress website
- or -
Post a project like this1229
£100(approx. $126)
- Posted:
- Proposals: 4
- Remote
- #3076555
- Awarded
Description
Experience Level: Entry
we have the following issues in our wordpress website (they are listed at the bottom of this panel)
tasks:
1 - Provide detail on how to find these security flaws
2 - Confirm if these issues are still a problem
3 - Document how to fix them and then fix the issues
We want to be able to use this information for future websites
… I need to make you aware of the issues with the new WordPress site you are moving to.
After running checks on the site, we can see there are several vulnerabilities which will allow hackers to gain access to the site.
You may wish to send the details to your new developer.
· Currently three of the plugins need have Cross-site Scripting (XSS) exploits. These are:
o Email Subscribers
o JS Composer
o Sitepress Multilingual CMS
· The version of WordPress is exposed to the internet so hackers can identify exploits within that version. The current version is 5.4.2 and needs to be updated to 5.5.1.
· Another major issue is that we can see the users logins. We have enumerated the first two which are tuqoise and david-casale. For a hacker, this is 50% of the work needed to allow them to hack the site.
· Finally, the Security Headers on the site are graded F [eur01.safelinks.protection.outlook.com] which opens the door to a hacker with the exploits found in the plugins.
I would [like to] say it’s uncommon to have hackers hack a WordPress site but unfortunately this isn’t the case. In other roles, I have had numerous clients approach me to fix this same problem.
As I have said, with good security practice you should have no problems with your new site but it’s essential these are addressed.
After running checks on the site, we can see there are several vulnerabilities which will allow hackers to gain access to the site.
You may wish to send the details to your new developer.
· Currently three of the plugins need have Cross-site Scripting (XSS) exploits. These are:
o Email Subscribers
o JS Composer
o Sitepress Multilingual CMS
· The version of WordPress is exposed to the internet so hackers can identify exploits within that version. The current version is 5.4.2 and needs to be updated to 5.5.1.
· Another major issue is that we can see the users logins. We have enumerated the first two which are tuqoise and david-casale. For a hacker, this is 50% of the work needed to allow them to hack the site.
· Finally, the Security Headers on the site are graded F [eur01.safelinks.protection.outlook.com] which opens the door to a hacker with the exploits found in the plugins.
tasks:
1 - Provide detail on how to find these security flaws
2 - Confirm if these issues are still a problem
3 - Document how to fix them and then fix the issues
We want to be able to use this information for future websites
… I need to make you aware of the issues with the new WordPress site you are moving to.
After running checks on the site, we can see there are several vulnerabilities which will allow hackers to gain access to the site.
You may wish to send the details to your new developer.
· Currently three of the plugins need have Cross-site Scripting (XSS) exploits. These are:
o Email Subscribers
o JS Composer
o Sitepress Multilingual CMS
· The version of WordPress is exposed to the internet so hackers can identify exploits within that version. The current version is 5.4.2 and needs to be updated to 5.5.1.
· Another major issue is that we can see the users logins. We have enumerated the first two which are tuqoise and david-casale. For a hacker, this is 50% of the work needed to allow them to hack the site.
· Finally, the Security Headers on the site are graded F [eur01.safelinks.protection.outlook.com] which opens the door to a hacker with the exploits found in the plugins.
I would [like to] say it’s uncommon to have hackers hack a WordPress site but unfortunately this isn’t the case. In other roles, I have had numerous clients approach me to fix this same problem.
As I have said, with good security practice you should have no problems with your new site but it’s essential these are addressed.
After running checks on the site, we can see there are several vulnerabilities which will allow hackers to gain access to the site.
You may wish to send the details to your new developer.
· Currently three of the plugins need have Cross-site Scripting (XSS) exploits. These are:
o Email Subscribers
o JS Composer
o Sitepress Multilingual CMS
· The version of WordPress is exposed to the internet so hackers can identify exploits within that version. The current version is 5.4.2 and needs to be updated to 5.5.1.
· Another major issue is that we can see the users logins. We have enumerated the first two which are tuqoise and david-casale. For a hacker, this is 50% of the work needed to allow them to hack the site.
· Finally, the Security Headers on the site are graded F [eur01.safelinks.protection.outlook.com] which opens the door to a hacker with the exploits found in the plugins.
Bob T.
99% (62)Projects Completed
54
Freelancers worked with
46
Projects awarded
27%
Last project
2 Jul 2021
United Kingdom
New Proposal
Login to your account and send a proposal now to get this project.
Log inClarification Board Ask a Question
-
There are no clarification messages.
We collect cookies to enable the proper functioning and security of our website, and to enhance your experience. By clicking on 'Accept All Cookies', you consent to the use of these cookies. You can change your 'Cookies Settings' at any time. For more information, please read ourCookie Policy
Cookie Settings
Accept All Cookies