Insecure WordPress settings detected: User Enumeration
The first two user ID’s were tested to determine if user enumeration is possible.
ID User Login
1 None florov
2 None None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.
Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Abuse CC: OK
Dshield Blocklist: OK
Cisco Talos Blacklist: OK
Web Server:
Apache
X-Powered-By:
None
IP Address:
-78.142.62.227
Hosting Provider:
Telepoint Ltd
Shared Hosting:
193 sites found on -78.142.62.227
CVE-2018-15919 Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states ‘We understand that the OpenSSH developers do not want to treat such a username enumeration (or “oracle”) as a vulnerability.’
CVE-2017-15906 The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
Wait for an avast team member to give a final verdict. They are the only ones to come and unblock.
We here are just volunteers with relative knowledge on website security analysis that come to advize you.
pozdrawiam,
polonus (volunteer 3rd party cold reconnaisance website security analysis and website error-hunting)