Fixing Security Holes in a Site

This topic is: not resolved
  • #15499
    bbsays
    Active
    Post count: 23

    Hi,
    First, thanks for this plugin, it solved lots of security issues. But may I ask whether HMWP can fix, or how many it can fix of, the security holes in a site outlined below (screenshot also attached)?

    1 Malicious File Upload – Critical
    2 Cross Site Scripting – High
    3 Sensitive Information Sent Over Unencrypted Channel – High
    4 Cross-Site Request Forgery High – High
    5 Valid account can be brute forced – Medium
    6 Weak Password Policy Medium – High
    7 Autocomplete and Autofill enabled – Medium
    8 ClickJacking Low – High
    9 HTTP Method(TRACE) enabled on server – Low
    10 Source Code Disclosure Pattern Found – Low
    11 HTTPOnly attribute not set in session cookie – Low
    12 Application Does Not Display Last Login Time and Date – Low
    13 Application is Vulnerable to Simultaneous Login – Low
    14 Session timeout is not set – Low
    15 Email ID Can be Harvested for Spamming – Low
    16 Valid Users can be Enumerated from the Error Messages at Login Page – Low
    17 The Application does not Log off Users on Suspicious Requests – Low
    18 Robots.txt Found on Site – Informational

    How can these holes be fixed?

    Also, how can we be sure that HMWP doesn’t have a security hole that can be exploited?

    Finally, can we use HMWP on AWS?

    Thanks in anticipation.

    With regards


    #15520
    Suman M.
    Post count: 12478

    Hi, website security is a complex subject. For WordPress sites, there are several plugins that help make a website secure. But not every plugin has all the features, and no one assures you of 100% security, as it depends on various parameters.
    With HMWP, the main focus is to hide the fact that your site uses WordPress. It also has an Intrusion Detection System (IDS) which blocks the malicious/harmful requests coming to your site. With HMWP you can also block specific IPs or countries.
    We recommend that you use HMWP along with another security plugin like Wordfence or iThemes Security.

    You can use HMWP on AWS.

    #15528
    bbsays
    Active
    Post count: 23

    Ok Suman,
    We plan to use HMWP with WF, but do the two work on AWS Elastic Beanstalk?

    Also, does HMWP prevent xss, csrf, malicious file upload, brute-force atta

    #15544
    Suman M.
    Post count: 12478

    Yes, both should work on AWS. HMWP IDS will block any incoming requests that are malicious.

    #15565
    bbsays
    Active
    Post count: 23

    Ok Suman, thanks.

    What about the arbitrary support I saw on your product page on ThemeForest?

    #15572
    Suman M.
    Post count: 12478

    Hi, do you mean the Extended support provided by Envato?
