Security Alert - Need Update

11assets · May 17, 2020, 6:16pm

www.webpagetest.org - finds out that wordpress sites hosted on cyberpanel does have security issues and gives “F” score.

Need to add these:

Strict Transport Security (HSTS)
A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.

X Content Type Options
The only defined value, “nosniff”, prevents Internet Explorer from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions

X Frame Options
Clickjacking protection: deny - no rendering within a frame, sameorigin - no rendering if origin mismatch, allow-from - allow from specified location, allowall - non-standard, allow from any location

Content Security Policy
A computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context

X XSS Protection
A Cross-site scripting filter

Thanks

bsanz16 · May 21, 2020, 1:33pm

You can add them in OLS panel. very easy

S4_Hosting · May 21, 2020, 8:10pm

This is not a security alert that needs an update.

Security headers should be set at an individual server or even a site level.

If you are using OLS then you can use this method: [Tutorial] How to add additional http header - Blog Posts - CyberPanel Community

If you are using LSWS then you can just add them to apache config files or .htaccess for individual sites.

Wyzzy · August 16, 2020, 9:05am

Ok, I found the code to reset the Openlitespeed credentials
/usr/local/lsws/admin/misc/admpass.sh