New audit

optiuser.com

Scanned Jun 24, 2026, 07:31 PM

Run a fresh audit — Upgrade
94
A · Safe
13
Plugins Detected
1
Active Vulnerabilities
0
Outdated Plugins
0
Abandoned

Security Assessment

Key findings for optiuser.com

  • 1 active vulnerability detected across 13 plugins.
  • Security headers are well configured.
  • 2 sensitive paths exposed to the public.

WordPress

Version 7.0
Core installation

Active Theme

hub v6.0.2
Up to date

Hosting Provider

SiteGround
Infrastructure

Detected Plugins

13 total
PluginVulnerabilities
None found
None found
hub-core
hub-core
medium confidence
None found
None found
1 total vulnerability detected across 13 plugins

Your full security report is ready

We found 13 plugins on this site. Unlock the complete analysis:

All 13 detected plugins
CVE details & patch status
Security header analysis
Exposed paths & TLS audit
DNS & email security
CT log subdomain discovery

Security Report

one-time
$49USD
  • Full report for this site
  • Every detected plugin & CVE
  • Remediation guidance
  • No re-audit after fixes
Get Report — $49
Recommended

Report + Re-audit

best value
$99USD
  • Everything in Security Report
  • One complimentary re-audit within 90 days
  • Verify your fixes actually closed the findings
  • Clean-record badge for your site

Guided Remediation

small business
$299USD
  • Everything in Report + Re-audit
  • 15–30 min expert consult to triage findings
  • Prioritized action plan for your site
  • Optional partner handoff for fixes
Get Guided Remediation — $299

One-time payment · Instant access · No subscription required

Not ready to buy? We'll send you a one-time free alert

if we detect a new vulnerability affecting your plugins.

One free alert · Continuous monitoring available with a paid plan

Security Posture

A
Security Headers
B
TLS/SSL
F
Exposed Paths
B
Email Security

Security Headers

92/100
Content-Security-Policy

CSP is configured, helping prevent XSS and injection attacks.

Strict-Transport-Security

Strong HSTS policy with includeSubDomains.

X-Frame-Options

Clickjacking protection is enabled.

3 more checks — unlock full report to see all

TLS/SSL Certificate

Issuer
R13
Expires
40 days
Protocol
TLSv1.3
Wildcard
No

Exposed Paths & Login Security

2 exposed

2 security issues found — unlock to see which paths are exposed.

DNS & Email Security

SPF

SPF record with soft fail (~all) — good email authentication.

DMARC

DMARC policy is set to none — monitoring only, not enforcing.

DKIM

No DKIM record found for common selectors. Email authenticity cannot be verified (or uses a non-standard selector).

Infrastructure

Server Software

Server: hcdn

X-Powered-By

Technology stack exposed: PHP/8.3.30. This header should be removed.

PHP Version

PHP 8.3.30 is supported.

Web Application Firewall

No WAF detected. Consider adding one for additional protection.

WP Version Exposed

WordPress version 7.0 is exposed in the generator meta tag. Consider removing it.