See: Reverse DNS 67-222-44-154.unifiedlayer.com WOT alerted! → landing here: -http://www.baymro.com/
Baymro Safety China, start PPE to MRO, protecti… padlock icon
wXw.baymro.com
Alerts (1)
Insecure login (1)
Password will be transmitted in clear to -http://www.baymro.com/wp-login.php?redirect_to=http%3A%2F%2Fwww.baymro.com%2F
Infos (1)
Encryption (HTTPS) (1)
Communication is NOT encrypted
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress site's front page.
wp-e-commerce latest release (3.11.2)
http://wpecommerce.org/
wp-super-cache latest release (1.4.8)
https://wordpress.org/plugins/wp-super-cache/
jquery-vertical-accordion-menu latest release (3.1.2)
http://www.designchemical.com/blog/index.php/wordpress-plugins/wordpress-plugin-jquery-vertical-accordion-menu-widget/
Plugins are a source of many security vulnerabilities within WordPress installations. Always keep them updated to the latest version available and check the developer's plugin page for information about security-related updates and fixes.
A-Status and all OK: https://sritest.io/#report/15f88083-ad36-4b65-a448-9aac479ddaa1
Result
It looks like 2 cookies are being set without the “HttpOnly” flag being set (name : value):
PHPSESSID : b5jbocjcnb3f2kor7so0sl7kf2
wpsc_customer_cookie_844924ff72cd8a4a3a1d7072ab39f73c : 7449%7C1463604330%7C286d1f4f8795850b5d673129061ed40b
Unless the cookie legitimately needs to be read by JavaScript on the client, the “HttpOnly” flag should always be set to ensure it cannot be read by the client and used in an XSS attack. Explainable through the meagre F-Status results here: https://securityheaders.io/?q=http%3A%2F%2Fwww.baymro.com%2F
polonus (volunteer website security analyst and website error-hunter)