Fixed test results still fail?

Sometimes, after you fix an issue that a test reported and run the scan again, the test still fails or says it could not determine the status.

This happens if you run the security tests on a local website on your own computer, or on a website that has a “maintenance” or “under construction” feature turned on.

The plugin runs some of the tests by acting as a regular visitor opening your website in a web browser. If anything prevents it from reaching the website the way a regular visitor would, those tests fail.

Furthermore, when you run the tests on a local website, programming that works fine on “regular” web servers will not work properly on your own computer.

Bottom line: Expect some tests to fail on local development websites or if you have installed a “maintenance” or “under construction” plugin on your website.

SSL Certificates and Local Development

When working on a local machine, developers often use self-signed SSL certificates for testing purposes. However, these certificates are not recognized as secure by most browsers and can cause security tests to fail. This is because self-signed SSL certificates lack the trust endorsement from recognized Certificate Authorities. As a result, when security tests are conducted, they might flag these certificates as insecure, leading to failed tests.

It’s important to be aware that while self-signed SSL certificates are convenient for local development, they do not replicate the exact security environment of a live, publicly accessible website. Therefore, some security checks may not perform as expected under these conditions.

Known Test Issues

  • Check if the expose_php PHP directive is turned off.
  • Check if the uploads folder is browsable by browsers.
  • Check if the admin interface is delivered via SSL.
  • Check if the readme.html file is accessible.
  • Check if the license.txt file is accessible.
  • Check if the install.php file is accessible.
  • Check if the upgrade.php file is accessible.
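
To see from the visitor's side why a file check comes back as failed or undetermined, the following added example (not the plugin's own code) requests the files from the list above and separates a real result from one that a maintenance page or an untrusted certificate makes unreliable. It assumes a standard WordPress layout for the wp-admin/ paths and that the maintenance feature answers with HTTP 503; the function names are illustrative.

```python
import ssl
import sys
import urllib.error
import urllib.request

# File checks from the "Known Test Issues" list; the wp-admin/ locations
# assume a standard WordPress layout.
PATHS = ["/readme.html", "/license.txt",
         "/wp-admin/install.php", "/wp-admin/upgrade.php"]


def probe(url, timeout=10):
    """Request url as an anonymous visitor; return (status, error)."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, None
    except urllib.error.HTTPError as exc:      # 4xx/5xx still carry a status
        return exc.code, None
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, ssl.SSLCertVerificationError):
            return None, "untrusted_cert"      # e.g. self-signed certificate
        return None, "unreachable"
    except OSError:                            # timeouts and resets mid-read
        return None, "unreachable"


def classify(status, error):
    """Turn one probe result into (verdict, reason)."""
    if error == "untrusted_cert":
        return "undetermined", "certificate is not trusted"
    if error == "unreachable":
        return "undetermined", "site not reachable"
    if status == 503:                          # assumed maintenance response
        return "undetermined", "maintenance page served"
    if status == 200:
        return "fail", "file is accessible"
    return "pass", "file is not served (HTTP %d)" % status


def check_site(base_url, fetch=probe):
    """Classify every path in PATHS for base_url."""
    base = base_url.rstrip("/")
    return {path: classify(*fetch(base + path)) for path in PATHS}


if __name__ == "__main__" and len(sys.argv) > 1:
    for path, (verdict, reason) in check_site(sys.argv[1]).items():
        print("%-24s %-13s %s" % (path, verdict, reason))
```

Run it with your site's address as the only argument. An "undetermined" line means the request never saw the real file, so turn off maintenance mode or test on the live site before trusting the result.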