A professional CDN? - I mean to doubt it seen these results...

polonus · 2017-10-26T11:14:32.000Z

First I would never have thought to find the use of WordPress in this professional CDN environment ??? :
Server: None
X-Powered-By: None
IP Address: 209.197.3.30
Provider: Highwinds Network Group
Country: United States

CMS WP
Web application version:
Wordpress Version 4.7.x/4.8 based on: -https://www.highwinds.com//wp-admin/js/editor-expand.js
WordPress version: 4.7.x/4.8
WordPress theme: -https://www.highwinds.com/wp-content/themes/highwinds-quindo/

No info proliferation, that at least has been done correctly, but Word Press has outdated plug-in software: WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

wordpress-seo 5.6.1 latest release (5.7.1) Update required
https://yoast.com/wordpress/plugins/seo/
contact-form-7 4.9 latest release (4.9)
https://contactform7.com/ (not well configured it is a liability)
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

Reverse DNS -vip0x01e.map2.ssl.hwcdn.net or via -a23-32-70-19X.deploy.static.akamaitechnologies.com

Overall low rating here: https://privacyscore.org/site/33770/ with 31 of which 12 are bad trackers there (oh… you poor Americans
customers :-X) ; no HSTS set, no valid Public Key Pins, server vulnerable to sweet32 attack and Lucky13 attack.

No security headers set (5). Vulnerable server to CRIME attack and Secure Client Initiated re-negotiation.
Server supports the outdated and insecure RC4 cipher :o

Mediocre F-Grade status and recommendations: https://observatory.mozilla.org/analyze.html?host=www.highwinds.com

Retirable jQuery library found with bootstrap jQuery issue: http://retire.insecurity.today/#!/scan/ed18922eb3717d777ef9e0581f58f56fb7c5593424ff3774a1a1dc048339d8b9

7 problems here: https://mxtoolbox.com/domain/www.highwinds.com/

Also consider: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.highwinds.com%2F

All scan results and analysis from public scan data via cold reconnaissance third party scanning by

polonus (volunteer website security analyst and website error-hunter)

Announcements