Problem blocking my site because of HTML: Iframe-inf
https://www.topglorytravel.com/
The problem only appears inside the articles
Please help me to solve this problem
Wait for an avast team member to give the final verdict, as they are the only ones to come and unblock.
We here are just volunteers with relative knowledge in the field of website security issues.
Report your FP request here: https://www.avast.com/en-us/false-positive-file-form.php
Word Press configuration issues: User Enumeration
The first two user ID’s were tested to determine if user enumeration is possible.
ID User Login
1 None bekatcho
2 None top-glory
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.
Only the first two user ID’s were tested with this scan, try the advanced membership options for detailed enumeration of users, themes and plugins.
Retirable jQuery libraries detected:
jquery 1.12.4-wp Found in https://www.topglorytravel.com/wp-content/cache/busting/1/wp-includes/js/jquery/jquery-1.12.4-wp.js
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution
F-grade scan reults: https://observatory.mozilla.org/analyze/www.topglorytravel.com
Recommendations for website improment (also look at security):
https://webhint.io/scanner/9ca3fa6e-c516-46c8-8ff4-93639f10f671
Not being flagged: https://www.virustotal.com/gui/url/d3444bc0887e51dead7115bf12ec44c93c706e93b88415fd8d5ba988ccfbe478/detection
Detection because of IP relation detections:
https://www.virustotal.com/gui/ip-address/104.27.140.200/relations
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Nothing out of the ordinairy here either: https://urlscan.io/result/a9d2fc00-227d-4263-b2cc-4ff8fa77c338
Neither any particulars detected here: https://webcookies.org/cookies/www.topglorytravel.com/28787130?409426
Mind however: The page loads 8 third-party JavaScript files and 11 CSS but does not employ Sub-Resource Integrity to prevent breach if a third-party CDN is compromised
Upguard scan (security rating A 880 out of 950) immediate threats endangering website:
failed
Insecure SSL/TLS versions available
Any version of the SSL protocol, and TLS prior to version 1.2, are now considered insecure.
The server should disable support for these old protocols.
failed
HSTS header does not contain includeSubDomains
The HTTP Strict Transport Security (HSTS) header does not contain the includeSubDomains directive.
This directive instructs the browser to also enforce the HSTS policy over subdomains of this domain.
failed
HSTS header not prepared for preload list inclusion
The HTTP Strict Transport Security (HSTS) header does not contain the required field values to be considered for the preload list. The max-age value should be at least 1 year. The includeSubDomains and preload directives should be included.
polonus
No avast alerts found.
Please use form contact https://www.avast.com/en-us/false-positive-file-form.php and capture detection