Is this email being smart ass?

[gibbsy81]

A friend of my father has started a delivery company i checked out his website and found a number of security issues so i wrote the following email.

 

 

 

Hello [NAME OBSCURED}

I have noticed that you have created the site for your new delivery company there is just a few things that should be fixed/setup to make it a bit more secure.

Firstly the directory's xyztest and /xyztest/Vendors/ shouldn't really be publicly accessible this can be fixed.

Simply by creating a index.php file in those directory's and having the following code placed in them:

<?php

echo "<h1>Error 404 Not Found</h1>";

echo "The page that you have requested could not be found.";

?>

Secondly ssl should be forced site wide especially for things such as login data and personal information like phone numbers and addresses that would be transmitted via the drivers portal system.

I have noticed when navigating to https://[DOMAIN OBSCURED] cpanel throws an error and redirects the user to the defaultwebpage.cgi indicating that ssl has not been configured, and that the ssl certificate is self signed.

Really ssl should be forced site wide with a signed certificate.

 

Thirdly the wp-admin directory isn't hardened see this link about hardening the wp-admin directory http://codex.wordpress.org/Hardening_WordPress#Securing_wp-admin

 

Fourthly this is purely aesthetic but the site title has the stock Just another WordPress site.

 

Finally the social media buttons in the bottom right corner don't link to the pages eg Facebook goes to https://www.facebook.com/ when it probably should goto https://www.facebook.com[Facebook Page Obscured]

not really a security issue but just doesn't look professional.

Regards

Tomas Gibbs

 

Is this really being smart ass in my head i intended for it to be a more of a friendly thing to show him some issues with his site and show him how to fix them.

[arnavvr]

Yes, you sound like you know everything.

[Guest Generallee]

Yes it sounds quite douchey if you ask me

 

You could try saying things like "hey i know you made that site and congrats and all but if you want my help concerning some security issues i found on it i'm ready to help you"

[UnknownEngineer]

Yes, but I don't really see an issue with that.

Maybe add a disclaimer at the start? Something that says that you aren't trying to make an ass out of him, he may have just hired someone to make the site for him.

[Guest]

If he's getting paid for the website then he should fix it. I don't see a problem.