Rene van Lieshout
Basic Pleskian
- Server operating system version
- n/a
- Plesk version and microupdate number
- 18.0.60
Hi,
The Wordpress Security Status shows a few issues that don't have a fix. Does anybody here know if there is a way to ignore those? They are reported in mails too.
1: WordPress Core - Informational - All known Versions - Weak Hashing Algorithm - All known versions of WordPress core use a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions. - Date: 20.06.2012 | Source: Wordfence
2. WordPress Core - All Known Versions - Cleartext Storage of wp_signups.activation_key - All known versions of WordPress Core store cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability). - Date: 10.10.2017 | Source:
The Wordpress Security Status shows a few issues that don't have a fix. Does anybody here know if there is a way to ignore those? They are reported in mails too.
1: WordPress Core - Informational - All known Versions - Weak Hashing Algorithm - All known versions of WordPress core use a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions. - Date: 20.06.2012 | Source: Wordfence
2. WordPress Core - All Known Versions - Cleartext Storage of wp_signups.activation_key - All known versions of WordPress Core store cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability). - Date: 10.10.2017 | Source: