Ran a WebPage test and it reports a security issue on my wordpress.com site (but I don’t use/own any of the code)
-
I ran a WebPageTest scan and it reports a security issue. With all the code being owned/run by WordPress.com I am unsure how this happened or how best to get the issue fixed. Hoping you can help.
https://www.webpagetest.org/result/210906_AiDcXP_bec6a00854f1a6afac8af065b320f48f/ gives a security score of E.
> JavaScript Libraries with vulnerabilities
> Security headers
> The following security headers are missing from the website:
> X Content Type Options
> X Frame Options
> Content Security Policy
> X XSS ProtectionSite: https://from2005toeternity.wordpress.com.
WP.com: Yes
Correct account: Yes -
Hi there,
Because WordPress.com is a managed platform that is cloud based and has to work with millions of sites that share the same resources. Because of this we are not able to implement the security recommendations provided by that tool, which are intended for single sites that are installed on a traditional hosting provider and using dedicated resources.
To effectively implement those recommendations you would need to migrate to a traditional host so you can manage your site independently and set up site-specific security headers, etc.
It’s also worth pointing out that while we may not score for the specific tests that tool is running, we do take your security very (!) seriously. You can learn more about that here: https://wordpress.com/support/malware-and-site-security/
Hope that helps. Please let us know if you have any more questions.
-
- The topic ‘Ran a WebPage test and it reports a security issue on my wordpress.com site (but I don’t use/own any of the code)’ is closed to new replies.
WordPress.com Forums 