- This topic has 4 replies, 2 voices, and was last updated 6 months, 2 weeks ago by
.
-
Posts
-
Hello,
you are working for a perfect theme. I guess, you will not like, what I discovered about GeneratePress.
Please have a look at:
https://snyk.io/test/website-scanner/?test=200819_WE_5bd40977dcaa5cbe5e976e475f4ee244&utm_medium=referral&utm_source=webpagetest&utm_campaign=website-scannerThe snyk security test brings up several vulnurabilities in GeneratePress:
– Using jQuery 1.12.4
– Strict Transport Security
– X Content Type Options
– X Frame Options
– Content Security Policy
– X XSS ProtectionResulting, the grade for security in WebPagetest.org (using snyk) is an F.
Could you please have a look into it and maybe you have something to do for future versions.
Lead Developer
Hi there,
When needed, GeneratePress uses the core packaged jQuery version that is provided by WordPress itself:
https://wordpress.stackexchange.com/questions/244537/why-does-wordpress-use-outdated-jquery-v1-12-4The other issues are all on the server-side of things, not the theme:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
- https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
The website you tested is our Site Library demo server, so it hasn’t been set up with all of this extra security, as its only purpose is to show off the front-end of our demo sites. Wouldn’t hurt to add though, I’ve added it to be done.
Thanks!
Documentation: http://docs.generatepress.com/
Adding CSS: http://docs.generatepress.com/article/adding-css/
Ongoing Development: https://generatepress.com/ongoing-developmentHello Tom,
thank you for this information. I will talk to my Webhosting Provider, if they could fix it, too.
No problem!
Documentation: http://docs.generatepress.com/
Adding CSS: http://docs.generatepress.com/article/adding-css/
Ongoing Development: https://generatepress.com/ongoing-developmentHello Tom,
thank you for your reply. Just for someone else:
I learned today, that these settings can be made in .htaccess and I already added some lines of code – et voilá.
- You must be logged in to reply to this topic.