Sometimes when you make a fix for a test and then run the scan again the fix still fails or says it could not determine the status.
This happens if you run the security tests on a local website on your own computer or on a website that you have a “maintenance” or “under construction” feature turned on.
The plugin runs some of the tests by pretending to be a regular visitor in a web browser visiting your website, and if there is anything preventing them to visit the website like a regular visitor, this will fail the tests.
Furthermore, when you run on a local website, the programming that works fine on “regular” webservers will not work properly when you develop on your own computer.
Bottom line: Expect some tests to fail on local development websites or if you have installed a “maintenance” or “under construction” plugin on your website.
These are some of the tests known to have issues in these situations, but other tests can also show different results:
- Check if the expose_php PHP directive is turned off.
- Check if the uploads folder is browsable by browsers.
- Check if the admin interface is delivered via SSL.
- Check if the readme.html file is accessible via HTTP on the default location.
- Check if the license.txt file is accessible via HTTP on the default location.
- Check if the install.php file is accessible via HTTP on the default location.
- Check if the upgrade.php file is accessible via HTTP on the default location.