Configuration setting in Word Press CMS wrong: Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID User Login
1 admin admin
2 Sabrina Carpenter editor
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.
2 vuln. jQuery libraries detected:
http://retire.insecurity.today/#!/scan/972fcd1b28d2d91f72dc17e116763fb878ecab4c49f8d4eb590117c4bf88389bYour site is not only generically blocked by avast's but also by MacAfee
Quttera flags: /wp-content/themes/sabrinacarpenter/assets/scripts/rdata.js
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [['<header><span class="callltr"></span><span class="name"></span><span class="geo"></span></header><fo']] of length 114 which may point to obfuscation or shellcode.
Nothing specific here:
https://threatintelligenceplatform.com/report/sabrinacarpenter.com/i4rcHoRWYRWait for the final verdict of an avast team member whether this is indeed a false posiitive.
polonus (volunteer website security analyst and website error-hunter)