
Thread: Please take a look at this Health Website

  1. #1
    Join Date
    Oct 2017
    Posts
    16

    Please take a look at this Health Website

    Hey guys and girls.

    Please look over my website and tell me if it looks fine and the pages load ok. Feel free to explore various pages in the menu and posts.

    What I aimed for was a simple and non destructive design.

    This is my most recent page (comment other pages too if you wish):

    ahcafr (dot) com/nzt-48-pill/

    Thanks in advance and looking forward for feedback.

  2. #2
    Join Date
    Oct 2013
    Location
    Sheboygan, Wisconsin
    Posts
    1,630
    https://www.ahcafr.com/nzt-48-pill/

    Using Firefox, opened the site, hit F12 and look at all the errors, not good.
    Selected the Network tab and did the Performance analysis. Under 2 seconds - GREAT

    Html errors
    https://validator.w3.org/nu/?doc=htt...nzt-48-pill%2F

    CSS errors
    https://jigsaw.w3.org/css-validator/...rning=&lang=en

  3. #3
    Join Date
    Apr 2017
    Posts
    66
    You are running a way outdated version of Php and advertising it to the world. (5.4.45) and your server is vulnerable to a Clickjacking Attack.

  4. #4
    Join Date
    Oct 2017
    Posts
    16
    Quote Originally Posted by Train
    https://www.ahcafr.com/nzt-48-pill/

    Using Firefox, opened the site, hit F12 and look at all the errors, not good.
    Selected the Network tab and did the Performance analysis. Under 2 seconds - GREAT

    Html errors
    https://validator.w3.org/nu/?doc=htt...nzt-48-pill%2F

    CSS errors
    https://jigsaw.w3.org/css-validator/...rning=&lang=en
    F12 in Firefox actually did not show any errors, but maybe I am checking it wrong.

    I tried to fix most errors myself a few months ago, but the ones that remain are built into Wordpress or my Plugins. Those plugins are actually used by millions of people, so I can't believe those are serious problems.

    But I am not a developer myself, so I wouldn't know for sure.

  5. #5
    Join Date
    Oct 2017
    Posts
    16
    Quote Originally Posted by benanamen
    You are running a way outdated version of Php and advertising it to the world. (5.4.45) and your server is vulnerable to a Clickjacking Attack.
    I have a shared host, so I guess the PHP is set up by them? So I would need them to upgrade?


    And what is a Clickjacking Attack? How do I know I am not a victim of that?

  6. #6
    Join Date
    Apr 2017
    Posts
    66
    Quote Originally Posted by fielam
    I have a shared host, so I guess the PHP is set up by them? So I would need them to upgrade?


    And what is a Clickjacking Attack? How do I know I am not a victim of that?


    Yes, you most definitely need to be running a much newer version of Php. Current version is 7.x. Active support for 5.6 ended 8 months ago. As far as Clickjacking, Google is your friend. You can easily look up what it is and how to secure against it.

  7. #7
    Join Date
    Oct 2013
    Location
    Sheboygan, Wisconsin
    Posts
    1,630
    Hit F12 and when the console shows, select CSS and bunches show up.

    We have had folks get rid of those same errors.

  8. #8
    Join Date
    Oct 2017
    Posts
    16
    Quote Originally Posted by benanamen
    Yes, you most definitely need to be running a much newer version of Php. Current version is 7.x. Active support for 5.6 ended 8 months ago. As far as Clickjacking, Google is your friend. You can easily look up what it is and how to secure against it.
    Thanks! I updated my PHP. Don't notice any difference to be honest, but I guess it is safer so thank you.

  9. #9
    Join Date
    Apr 2017
    Posts
    66
    Quote Originally Posted by fielam
    Thanks! I updated my PHP. Don't notice any difference to be honest, but I guess it is safer so thank you.
    Yes, I see that, which is a security issue. I should not be able to know what version of Php you are running. You need to disable expose_php.

  10. #10
    Join Date
    Oct 2017
    Posts
    16
    Quote Originally Posted by benanamen
    Yes, I see that, which is a security issue. I should not be able to know what version of Php you are running. You need to disable expose_php.
    Thanks, I now disabled expose_php

  11. #11
    Join Date
    Oct 2017
    Posts
    16
    Quote Originally Posted by Train
    Hit F12 and when the console shows, select CSS and bunches show up.

    We have had folks get rid of those same errors.
    I still did not see errors in that view, just my CSS.

    BTW, I installed autoptimize plugin to combine CSS into one file, I hope it has benefit.

    How to get rid of those errors? Will they come back after a plugin or Wordpress are updated?

  12. #12
    Join Date
    Apr 2017
    Posts
    66
    You need to restart apache for it to take effect. The version is still showing.

  13. #13
    Join Date
    Oct 2013
    Location
    Sheboygan, Wisconsin
    Posts
    1,630
    If you read the CSS lines, those are all errors.

  14. #14
    Join Date
    Apr 2017
    Posts
    66
    You are good to go on exposing the Php version. Here are a few other security issues you should take care of:


    X-Frame-Options - !IMPORTANT! - Stops Clickjacking
    X-Content-Type-Options
    X-XSS-Protection
    X-CONTENT-SECURITY-POLICY
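
An added example (not part of the thread): a small Python check for the items raised above, the PHP version leak from `expose_php` and the response headers that restrict framing, MIME sniffing and content sources. The two responses are constructed samples, the finding names are made up for this example, and CSP is checked under its standard name `Content-Security-Policy`.

```python
import re

# Constructed sample responses (not captured from the site in the thread).
BEFORE = """HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.4.45
Content-Type: text/html; charset=UTF-8
"""

AFTER = """HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'
"""


def parse_headers(raw):
    """Parse a raw response head into {lowercased name: [values]}."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                          # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit(raw):
    """Return a list of finding names (hypothetical labels) for one response."""
    h = parse_headers(raw)
    findings = []
    # With expose_php on, PHP sends X-Powered-By including its version.
    if any(re.search(r"php/\d", v, re.I) for v in h.get("x-powered-by", [])):
        findings.append("php-version-exposed")
    # Framing is restricted by X-Frame-Options or by CSP frame-ancestors.
    xfo = [v.upper() for v in h.get("x-frame-options", [])]
    csp = "; ".join(h.get("content-security-policy", [])).lower()
    directives = [d.split() for d in csp.split(";") if d.strip()]
    has_frame_ancestors = any(d[0] == "frame-ancestors" for d in directives)
    if not (has_frame_ancestors or any(v in ("DENY", "SAMEORIGIN") for v in xfo)):
        findings.append("framing-not-restricted")
    if "nosniff" not in [v.lower() for v in h.get("x-content-type-options", [])]:
        findings.append("missing-nosniff")
    if not csp:
        findings.append("missing-csp")
    return findings
```
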

  15. #15
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    5,512
    Your comments in the page you link to make claims but no hard facts, a few links to places, some I recognise but the others, well I followed one and it was what I call a Quack site, an individual's opinion and nothing less. When you carry any kind of medical articles, you need links to peer reviewed works, not blogs and other sites that carry opinion over fact and the content of the article in question lacks some of these features.

    If you cite a source, then not only cite the vendors and manufacturer, a recognised third party link to a reference would be a great idea, the more sources that you have that are credible, and by that I mean credible in the sense that these are from published journals / sources / works that have been peer reviewed. Too many quack sites set up shop peddling their rubbish to the gullible and the desperate.
    --> JavaScript Frameworks like JQuery, Angular, Node <--
    ... and please remember to wrap code with forum BBCode tags:-

    [CODE]...[/CODE] [HTML]...[/HTML] [PHP]...[/PHP]

    If you can't think outside the box, you will be trapped forever with no escape...
