buenas a todos! soy ruben y regento una pagina web y un comercio local, el problema es que me han tirado la web en un par de ocasiones y no se si se puede colocar avast en mi web ya que lo tengo en todos los equipos tanto encasa como en el trabajo y desconozco si se puede mi web por si necesitas ver algo de seguridad hxxps://terragrowshop.com/ no se si es por el tipo de nicho pero este sector soporta ataques constantes en internet… mil gracias quedo ala espera.
Échale un vistazo a este artículo: https://www.infratech.es/noticias/2022/asegurar-web-WordPress.html
Ola terragrow and Infratech Solutions,
I reply to you in English as it is standard language of these here forums. There is a spanish section as well. Please inform.
Your website is outdated. You are making use of an outdated and vulnerable version of PHP.
See: https://sitecheck.sucuri.net/results/terragrowshop.com
Threat detected as a misconfiguration means your site could be hacked.
Re:
Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.Path Tested Status
/wp-content/uploads/ enabled (this setting is wrong and should be set to disabled.
/wp-content/plugins/ disabled
Directory indexing is tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.
Weak security issue for jquery and PHP version.
Weak Security JavaScript Library Migrate please to a secure version. jquery-migrate 3.3.2No vulnerabilities detected in this version
JavaScript Library
jquery 3.6.0No vulnerabilities detected in this version
Missing security headers foundfor x-content-type-option, x-xss-frame-options,
content security policy-options, no secure autocomplete options. SSL implementation is secure.
Con Dios,
polonus (volunteer 3rd party cold reconnassance website securty analyst and website error-hunter)
Interesting discussion on the use of ExactMetris fron-end plug-in in Word Press here: (source: quora dot com)
https://www.quora.com/What-is-ExactMetrics-in-Wordpress-Can-I-trust-it?share=1
Check for update versions:
Plugin Update Status About kk-star-ratings 5.3.4 Current latest release (5.3.4) https://github.com/kamalkhan/kk-star-ratings wordpress-seo-premium 19.3 Unknown revslider Unknown divi-builder Unknown gp-premium 2.1.2 Unknown moneytigo 1.5.3 Current latest release (1.5.3) https://my.ovri.app srs-simple-hits-counter 1.1.0 Current latest release (1.1.0) http://sandyrig.com/srs-simple-hits-counter/ age-gate Unknown latest release (3.0.9) https://agegate.io/ anti-spam 7.3.3 Current latest release (7.3.3) http://wordpress.org/plugins/anti-spam/ table-of-contents-plus 2106 Current latest release (2106) google-analytics-dashboard-for-wp 7.9.1 Current latest release (7.9.1) https://exactmetrics.com woocommerce 7.0.0 Current latest release (7.0.0) https://woocommerce.com/
pol