Hello! It was good to find this thread, linked to by the creator of Better WP Security. I have a few questions, though. And maybe the answer is to upgrade to the Pro version of BPS? ... But I was reading the Pro page last night at the AITpro website, and frankly, I could not understand nearly ANY of the pro features. So if I cannot even understand them, do I really need them?
Anyway, I had already set up BWPS. Then last night, I ran into Bulletproof Security, I checked around, came here, then went back to my Dashboard. I UN-checked all Server Tweaks at BWPS. I then set up and ran Bulletproof. Everything was running well.
Then, I ran Ultimate Security Checker (USC) today, and saw these messages:
Your server shows the PHP version in response.
Your server shows too much information about installed software.
So, I went back to BWPS and looked at all those orange and blue items (I had all but two of them green before experimenting with BPS) which REALLY bothers me, because it makes me think things are not as secure as they could be. And I'm only at 96 out of 115 points with USC, which maybe that's pretty good. (Some of that is from what they say is suspicious code, but they are Aweber Auto-responder scripts, and are not a problem, I hope. ... It's nice that they actually show you the potentially bad code, though.)
So, taking a BIG risk, I tried checking one of the server tweaks in BWPS to hide the header stuff. I logged out and back in, back out again and then checked some front end pages, and everything seems to work fine. But I chickened out on more tweaks. And I did UN-check the one tweak I had experimented with.
So, here's my Question: if BWPS is showing vulnerabilities, and USC shows a few, but BWPS appears in its Dashboard to have a fix for it, what's the solution? Is BPS handling those things, but neither BWPS nor USC can see the modifications?
How risky is it for me to try, one at a time, to check the boxes in Server Tweaks and test it all out? (BWPS tells you which tweaks don't seem to play well with others.)
Bottom Line is, it seems that if I can check a few of the System Tweaks in BWPS, and keep BPS running, I have a pretty good set up??? ... And I've already donated twice to BWPS, and will be happy to do so here.
Thank You Very Much & Thanks for Reading,
David Scott Lynn