It is not protecting

  • Hi,
    I installed your plugin. but when I scan my site with syhunt community, it still gives
    vulnerabilities like “Missing HTTP Strict Transport Security,Missing XSS Protection Header, Missing Clickjacking Protection Header, Missing Content Sniffing XSS Protection”.
    Is there anything wrong. I use newsmag.
    I clicked Force HTTPS protocol(all aptions), Manage display in remote frames(Deny), Force XSS protection, Disable content sniffing from options.

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author Carl

    (@carlconrad)

    Hello,

    Do you use a cache plug-in? Some plug-ins rewrite the HTTP header regardless of its previous content. Therefore, I’ve added an option to get the contents to add to the .htaccess file.

    Regards,
    Carl

    Thread Starter algoritmaturk

    (@algoritmaturk)

    YEs I am using Wp Super Cache plug-in, “Cache HTTP headers with page content” option is not selected.
    How I can solve the problem?

    Thread Starter algoritmaturk

    (@algoritmaturk)

    And I checked “Disable header rewriting” option. nothing is changed.

    Plugin Author Carl

    (@carlconrad)

    As mentionned on the option page: “Some cache plug-ins rewrite the HTTP headers. In this case, you may need to have to insert the following content in your .htaccess file. If so, please disable the rewriting of the HTTP headers.”, when disabling the rewriting of the header, you need to manually copy the settings into your .htaccess file.

    Thread Starter algoritmaturk

    (@algoritmaturk)

    Hi,
    I did all of them what you say.
    I checked (enabled) “Disable header rewriting” option.
    I manually copied http headers’ content to .htaccess file and save it.
    But there is still “Missing HTTP Strict Transport Security”
    Thanks

    Plugin Author Carl

    (@carlconrad)

    For troubleshooting, what happens if you disable the cache plug-in?

    Thread Starter algoritmaturk

    (@algoritmaturk)

    Hi,
    I tried it, but nothing changed. Thanks

    Hi,
    i’ve the same issue, using a cache and http headers are rewrited. Unfortunatelly i’ve got an error 500 when i copy/paste the Http security setting into the .htaccess
    any way to solve that?
    regards

    Thread Starter algoritmaturk

    (@algoritmaturk)

    you should past content end of htaccess file, dont overwrite htaccess original content.
    My problem did not solved completely

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘It is not protecting’ is closed to new replies.