htaccess Security Headers

[AITpro Admin]

Email Question:

Hi,
I am getting this error. I added custom code but when I tried to check if headers are fine using some scanners [Secuuri / https://securityheaders.com/%5D they show those headers aren’t there. I tried to use the pre-setup then setup tools and got this PhP error. Can you please advise.
Thanks.

[BPS Pro htaccess Protected Secure PHP Error Log]

[04-Sep-2021 18:18:05 UTC] PHP Warning: mb_stripos(): Empty delimiter in /home/nobswebsitecom/public_html/wp-content/plugins/bulletproof-security/admin/system-info/system-info.php on line 537
[05-Sep-2021 07:28:27 UTC] PHP Warning: mb_stripos(): Empty delimiter in /home/nobswebsitecom/public_html/wp-content/plugins/bulletproof-security/admin/system-info/system-info.php on line 537

[AITpro Admin]

Answer:

You can ignore this error message.  I need to add an additional check for an empty delimiter.  What is more important is that when I checked the frontend of your website I found a 403 error, which is suspicious.  The file that is generating the 403 error is this one:  /wp-content/plugins/wpgdprPro_r4duTI/update.php.  When I do a google search I found that this file belongs to a plugin called WP GDPR, but it is suspicious to me because it is related to this plugin on GitHub:  LBE Software Installer > https://github.com/danmattsonmarketing/LBE-Software-Installer/blob/master/clean-slate.php.  When I check the website of the person who created that plugin the website does not have any content.  It could just be that the website is abandoned.  Do you recognize either the WP GDPR plugin or the LBE Software Installer plugin?

If you want to add CSP and other htaccess security headers see these forum topics for examples of how to do that > https://forum.ait-pro.com/forums/topic/mime-sniffing-data-sniffing-content-sniffing-drive-by-download-attack-protection/

https://forum.ait-pro.com/forums/topic/q-about-some-security-code-from-html5-boilerplate/#post-19340

[Author]

Posts