optiuser.com
Scanned Jun 24, 2026, 07:31 PM
Run a fresh audit — UpgradeSecurity Assessment
Key findings for optiuser.com
- 1 active vulnerability detected across 13 plugins.
- Security headers are well configured.
- 2 sensitive paths exposed to the public.
WordPress
Active Theme
Hosting Provider
Detected Plugins
13 total| Plugin | Vulnerabilities |
|---|---|
SupportCandy – Helpdesk & Customer Support Ticket System high confidence | None found |
Elementor Website Builder – more than just a page builder high confidence | None found |
hub-core medium confidence | highCVE-2025-68065 |
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings medium confidence | None found |
MailPoet – Newsletters, Email Marketing, and Automation medium confidence | None found |
Your full security report is ready
We found 13 plugins on this site. Unlock the complete analysis:
Security Report
- Full report for this site
- Every detected plugin & CVE
- Remediation guidance
- No re-audit after fixes
Report + Re-audit
- Everything in Security Report
- One complimentary re-audit within 90 days
- Verify your fixes actually closed the findings
- Clean-record badge for your site
Guided Remediation
- Everything in Report + Re-audit
- 15–30 min expert consult to triage findings
- Prioritized action plan for your site
- Optional partner handoff for fixes
One-time payment · Instant access · No subscription required
Not ready to buy? We'll send you a one-time free alert
if we detect a new vulnerability affecting your plugins.
One free alert · Continuous monitoring available with a paid plan
Security Posture
Security Headers
92/100CSP is configured, helping prevent XSS and injection attacks.
Strong HSTS policy with includeSubDomains.
Clickjacking protection is enabled.
TLS/SSL Certificate
Exposed Paths & Login Security
2 exposed2 security issues found — unlock to see which paths are exposed.
DNS & Email Security
SPF record with soft fail (~all) — good email authentication.
DMARC policy is set to none — monitoring only, not enforcing.
No DKIM record found for common selectors. Email authenticity cannot be verified (or uses a non-standard selector).
Infrastructure
Server: hcdn
Technology stack exposed: PHP/8.3.30. This header should be removed.
PHP 8.3.30 is supported.
No WAF detected. Consider adding one for additional protection.
WordPress version 7.0 is exposed in the generator meta tag. Consider removing it.