Which paid plan can we get to have wordpress address some of our vulnerbilities assessment concerns?

  • Unknown's avatar
    ahsnutrition · Member ·

    Our company recently done a security audit on our blog and discovered 6 medium and 3 low risk vulnerabilities. We wish to continue to use this WordPress platform but would require WordPress to help address them. We are on the free plan right now, and was wondering which paid plan will have WordPress support on this.

    Some of the vulnerabilities for examples are:
    1. X.509 Certificate Subject CN Does Not Match the Entity Name (certificate-common-name-mismatch)
    2. Cross Site Scripting Vulnerability (http-cgi-0010)
    3. TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32) (ssl-cve-2016-2183-sweet32)
    4. Click Jacking (http-generic-click-jacking)
    5. TLS/SSL Server is enabling the BEAST attack (ssl-cve-2011-3389-beast)
    6. TLS Server Supports TLS version 1.0 (tlsv1_0-enabled)

  • staff-blorbo · Staff ·

    What is the URL of the site with the problem?

  • Unknown's avatar
    ahsnutrition · Member ·

    ahsnutrition.health.blog

    Please advise. thank you.

    Gladys

  • staff-mckluskey · Staff ·

    Hi Gladys,

    WordPress.com is a shared environment and we are very serious about the security of our sites. I’m not familiar with the test you are mentioning, however, you can read here more about the security of the sites hosted with us:

    https://wordpress.com/support/security/

  • The topic ‘Which paid plan can we get to have wordpress address some of our vulnerbilities assessment concerns?’ is closed to new replies.