Hi Andreas Leong,
Some recommendation towards your site's improvement, also security related items * of which 125 security items:
249 in all:
https://webhint.io/scanner/01c75d8f-cd88-4bd2-8c85-4804945ea3a6* Security Checks for -http://www.5dummies.com
(6) Susceptible to man-in-the-middle attacks
(5) Domain at risk of being hijacked
Vulnerabilities can be uncovered more easily
(2) Emails can be fraudulently sent
(3) Unnecessary open ports
DNS is susceptible to man-in-the-middle attacks
Still get a webshield detection for url-phishing from avast..probably an old McAfee blacklisting on IP domains.
Given an all green here:
https://zulu.zscaler.com/submission/d9967602-452e-40ba-aac8-47f70b11b746Word Press config, disable settings for directory listing!
DOM-XSS issues: Results from scanning URL: -http://www.5dummies.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.3
Number of sources found: 32
Number of sinks found: 13
and Results from scanning URL: -https://stats.wp.com/e-201921.js
Number of sources found: 121
Number of sinks found: 26
Detected with Retire.js
jquery 1.12.4 Found in -https://s1.wp.com/home.logged-out/page-jan-2019/js/bundle.js?v=1556230286
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
F-grade scan results and recommendations:
https://observatory.mozilla.org/analyze/www.5dummies.comDr.Web's URLologist says:
Checking: -https://www.5dummies.com/wp-json/
Engine version: 7.0.34.11020
Total virus-finding records: 7682689
File size: 159.23 KB
File MD5: e24a826f48c27f7db49359cd3dba9fbf
-https://www.5dummies.com/wp-json/ - Ok
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)