Problem blocking my site because of HTML: Iframe-inf

[ibrahimahmedacc]

Problem blocking my site because of HTML: Iframe-inf
hxtps://www.itshd.co/

The problem only appears inside the articles
Please help me to solve this problem

[Pondus]

The problem only appears inside the articles

articles that you have link to on your website?

post screenshot of avast message then we can see what/where avast see it

[polonus]

Hi ibrahimahmedacc,

You have some configuration problems concerning your Word Press site settings and also outdated PHP version.

Outdated Software Detected: PHP under 7.4.0 e.g. PHP 7.1.33

Word Press CMS low impact scan found:

User Enumeration
  The first two user ID's were tested to determine if user enumeration is possible.

ID   User   Login
1   None   admin
2   None   ibby

It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/      enabled
/wp-content/plugins/      disabled

Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

See the problems in your code here: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Llt0c2gjLl5dYA%3D%3D~enc

Recommendations found through linking: https://webhint.io/scanner/15fef5d3-85eb-4bd7-8b24-4572141c46bb#category-security

No vuln. here: https://retire.insecurity.today/#!/scan/1c16c9825ce8461abb64f503c3a47cb9b491a0b38d56ad187420bec6544f4cb8

Consider F-grade scan results here: https://observatory.mozilla.org/analyze/www.itshd.co

-3 security score here: https://webcookies.org/cookies/www.itshd.co/28854547?392302

This seems OK: https://www.unmaskparasites.com/security-report/?page=https%3A//www.virustotal.com/gui/rl

Also see: https://www.virustotal.com/gui/domain/www.itshd.co/details
and also given the all clear here: https://www.virustotal.com/gui/domain/www.itshd.co/relations

Resource securely loaded over TLS.

So you should wait for an avast team member to give a final verdict, as they are the only ones to come and unblock.
We here are just volunteers with relative knowledge in the field of website security (see the above report).

Have a peaceful day,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)