WP-Safety
New audit

sipila.dev

Scanned Apr 6, 2026, 03:57 PM

Re-scan — Upgrade
98
A · Safe
4
Plugins Detected
6
Active Vulnerabilities
1
Outdated Plugins
0
Abandoned

Security Assessment

Key findings for sipila.dev

  • 6 active vulnerabilityies detected across 4 plugins.
  • 1 plugin is outdated and should be updated.
  • Security headers grade F — 4 important headers are missing.
  • Active theme "salient" has 2 known vulnerabilityies.

WordPress

Version 6.9.4
Core installation

Active Theme

salient v1.7.6
Outdated2 active vulns

Hosting Provider

Unknown
Infrastructure

Detected Plugins

4 total
PluginVulnerabilities
salient-core
salient-core
medium confidence
mediumCVE-2025-59001
highCVE-2024-3812
+2 more
salient-portfolio
salient-portfolio
medium confidence
None found
Meta Generator and Version Info Remover
Meta Generator and Version Info Remover
medium confidence
None found
salient-social
salient-social
medium confidence
None found

Unlock the full security analysis

Get the full breakdown of your site's security posture:

All 4 detected plugins
CVE details & patch status
Security header analysis
Exposed paths & TLS audit
DNS & email security
CT log subdomain discovery

One-time payment · Instant access · No subscription required

Security Posture

F
Security Headers
B
TLS/SSL
A
Exposed Paths
D
Email Security

Security Headers

17/100
Content-Security-Policy

No Content-Security-Policy header. Your site is more vulnerable to XSS attacks.

Strict-Transport-Security

No HSTS header. Browsers can be tricked into using insecure HTTP connections.

X-Frame-Options

No clickjacking protection. Your site can be embedded in malicious iframes.

3 more checks — unlock full report to see all

TLS/SSL Certificate

Issuer
R13
Expires
41 days
Protocol
TLSv1.3
Wildcard
No

Exposed Paths & Login Security

0 exposed

No critical paths exposed. Unlock for the full breakdown.

DNS & Email Security

SPF

Could not resolve DNS TXT records for SPF.

DMARC

No DMARC record found.

DKIM

No DKIM record found for common selectors. Email authenticity cannot be verified (or uses a non-standard selector).

Certificate Transparency

24 certificates found

Infrastructure

Server Software

Server: nginx

X-Powered-By

Technology stack exposed: PHP/8.2.30, PleskLin. This header should be removed.

PHP Version

PHP 8.2.30 is supported.

Web Application Firewall

No WAF detected. Consider adding one for additional protection.

WP Version Exposed

WordPress version 6.9.4 is exposed in the generator meta tag. Consider removing it.

Scan another site