Only Fortinet's Webfilter to flag or also other issues?

See: https://www.virustotal.com/gui/url/087ae22f0dad74b43112d1f6400264c7036f8307ba8369d2e7e0827f7cab01fe/details
See 32 instances of detection: https://urlquery.net/report/26fbec80-b382-4a25-89d0-5e364d3c31e4

Wrong settings: Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

Various TLS recommendations, see: https://sitecheck.sucuri.net/results/www.theterribletruth.org

292 hints after linting: https://webhint.io/scanner/26e92081-9ca7-4ab8-93a7-82f7dd3da560

Can site be qualified as “clickbait”?

polonus (volunteer website security analyst and website error-hunter)

The following PHISH only detected by Fortinet’s and Bitdefender TrafficLight for similar activity, i.e. PHISHing.
Re: https://urlquery.net/report/9946fb6b-b13e-48f5-8b37-72074aab34e6
Stop this website is not safe: http://trafficlight.bitdefender.com/info?url=http://crfengineering.com
TLS Recommendations
No redirect from HTTP to HTTPS found. You should redirect your website visitors to the HTTPS version to avoid the “Not Secure” browser warning, → https://sitecheck.sucuri.net/results/crfengineering.com

Protected override void Render(HtmlTextWriter writer) { … escape the WebResource.axd URLS which do not escape their “&” in the … string output = input. … string expect = @“<script -WebResource.axd?d=Cbli8TVmswlinZhqbBaq8bqUDOFqG6zG5K2AkMWtgORbZHetl-4CUjqc3S-vGOPyDk8K1fjs7lyLAIUc8bbFyKtNwg3k0GoIKTbe1D_3cNA1&t=636934634580000000” type="text/javascript
do not remove, If you want to minimize the number of individual requests without breaking your site, look into the ScriptManager’s ability to combine multiple scripts into a single payload instead of individual scripts: http://msdn.microsoft.com/en-us/library/cc488552(v=vs.90).aspx info credits go to stackoverflow’s Dave Ward.

polonus

L.S.

I struggle here to make website developers and maintainers of websites more aware of known and not yet known weaknesses, bugs, exploits, potential threats and malcode, non-optimal practices, again and again.

I report bad configurations, php weaknesses, retirable jQuery libraries,DOM-XSS sinks and sources, attack campaigns and various other issues that are threatening and cause an insecure infrastructure online.

Everyone that then finds the urge to better upgrade, update, patch and lint for recommendations is another one convinced website security should not be a last resort issue. It is important, it will protect yourself and others, it is worth working on it.

Here a site where you can learn more about possible problems, excellent resources for developers and testers alike,
an example at DomStorm: https://domstorm.skepticfx.com/search?q=jQuery
then see: https://domstorm.skepticfx.com/modules/?id=529bbe6e125fac0000000003

Test online for your website at https://retire.insecurity.today/ or use Retire.JS as an extension in the browser to get similar results,
or the web developer extension to validate various cookies, css, forms, javascript, images, information, tools etc. etc. for a particular website. Enjoy, my good friends, enjoy. Push Ctrl+Shift+I and become aware what happens under the hood of your browser when you land at a particular website. Not everybody’s cup of tea, agree, but when you are into this a must.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

Has it been taken down now?

Here ESET is the only one to flag malware: https://toolbar.netcraft.com/site_report?url=http://usa.svarog-jez.com
See: https://www.virustotal.com/gui/url/46bbc634b1e607ef6bfd640ebc595300b7efaf41528ff369eeb2bd3e19ffa62e/detection
Could not extract domain → https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=dXN8LnN2fH1dZy1qe3ouXl1t~enc
Has ZeroPark traffic, a domain and pop traffic ppv campaigner.

polonus