- This topic has 4 replies, 2 voices, and was last updated 6 months, 2 weeks ago by Maik.
August 18, 2020 at 11:07 pm #1408851
Maik
Hello,
you are working for a perfect theme. I guess you will not like what I discovered about GeneratePress.
Please have a look at:
https://snyk.io/test/website-scanner/?test=200819_WE_5bd40977dcaa5cbe5e976e475f4ee244&utm_medium=referral&utm_source=webpagetest&utm_campaign=website-scanner
The Snyk security test brings up several vulnerabilities in GeneratePress:
– Using jQuery 1.12.4
– Strict Transport Security
– X Content Type Options
– X Frame Options
– Content Security Policy
– X XSS Protection
As a result, the grade for security in WebPagetest.org (using Snyk) is an F.
Could you please have a look into it and maybe you have something to do for future versions.
August 18, 2020 at 11:52 pm #1408880
Tom
Lead Developer
Hi there,
When needed, GeneratePress uses the core packaged jQuery version that is provided by WordPress itself:
https://wordpress.stackexchange.com/questions/244537/why-does-wordpress-use-outdated-jquery-v1-12-4
The other issues are all on the server-side of things, not the theme:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
- https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
The website you tested is our Site Library demo server, so it hasn’t been set up with all of this extra security, as its only purpose is to show off the front-end of our demo sites. Wouldn’t hurt to add though, I’ve added it to be done.
Thanks!
Documentation: http://docs.generatepress.com/
Adding CSS: http://docs.generatepress.com/article/adding-css/
Ongoing Development: https://generatepress.com/ongoing-development
August 18, 2020 at 11:59 pm #1408885
Maik
Hello Tom,
thank you for this information. I will talk to my web hosting provider to see if they can fix it, too.
August 19, 2020 at 8:54 am #1409789
Tom
Lead Developer
No problem!
August 19, 2020 at 9:00 am #1409806
Maik
Hello Tom,
thank you for your reply. Just for someone else:
I learned today that these settings can be made in .htaccess, and I already added some lines of code – et voilà.
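
The five response headers flagged in this thread, set from .htaccess as the last post describes. This is an added example, not the lines Maik used and not GeneratePress code; the max-age value and the CSP policy string are constructed assumptions to adapt per site.

```apache
# Added example with constructed values; adapt before use.
# Requires mod_headers and "AllowOverride FileInfo" for this directory.
<IfModule mod_headers.c>
    # Strict-Transport-Security: sent only on HTTPS responses, since
    # browsers ignore it over plain HTTP. Browsers cache the policy for
    # max-age seconds, so use a short value while testing.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" "expr=%{HTTPS} == 'on'"

    # X-Content-Type-Options: stop browsers from MIME-sniffing a response
    # into a different content type than the one declared.
    Header always set X-Content-Type-Options "nosniff"

    # X-Frame-Options: allow framing only by pages of the same origin
    # (clickjacking defence).
    Header always set X-Frame-Options "SAMEORIGIN"

    # Content-Security-Policy: WordPress themes and plugins often rely on
    # inline scripts and styles, so start in report-only mode, review the
    # violations shown in the browser console, then rename the header to
    # Content-Security-Policy to enforce the policy.
    Header always set Content-Security-Policy-Report-Only "default-src 'self'; object-src 'none'; base-uri 'self'"

    # X-XSS-Protection: legacy header. Most current browsers no longer
    # implement the filter it controlled; "0" switches it off explicitly
    # where it still exists. Older scanners may expect "1; mode=block".
    Header always set X-XSS-Protection "0"
</IfModule>
```

After saving the file, `curl -sI https://your-site.example/` (placeholder host) should list each of these headers in the response.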