🔒 Security Audit Report — DataGate.ch
Reviewed: June 4, 2026
Audit Date: June 2026 | Auditor: Hermes (automated) | Scope: WordPress, SSL/TLS, server config
Executive Summary
| TLS Version | TLS 1.3 ✔ |
| Cipher Strength | AES-256-GCM (256-bit) ✔ |
| Certificate | Let's Encrypt R13 (80 days left) |
| WP Version Disclosure | Exposed in generator meta (v7.0) |
| Directory Listings | Disabled ✔ |
| Sensitive Files | Protected (403) ✔ |
| XML-RPC | Enabled (responding) |
| User Enumeration | Possible via REST API |
| TLS 1.0/1.1 Support | Disabled ✔ |
SSL/TLS Assessment
DataGate.ch uses a strong SSL/TLS configuration:
- TLS 1.3 — Latest protocol version in use
- TLS_AES_256_GCM_SHA384 — AES-256-GCM cipher suite with a 256-bit key
- Certificate: Let's Encrypt R13, valid until Aug 14, 2026 (80 days remaining)
- SANs: data-gate.ch, mail.data-gate.ch, webmail.data-gate.ch, www.data-gate.ch
- Weak protocols: TLS 1.0 and 1.1 correctly disabled
WordPress Security
Findings Requiring Action
- XML-RPC Enabled — The XML-RPC endpoint responds to requests. Disable it to prevent brute-force and DDoS amplification.
- User Enumeration — REST API /wp/v2/users exposes 2 usernames (data-gate-api, us). Block user enumeration.
- Version Disclosure — WordPress version 7.0 is exposed in the generator meta tag and asset URLs.
- Plugin Scan Limited — Could not fully enumerate plugins (REST API returns 401). Akismet detected (403 on path).
Security Measures Confirmed
- wp-config.php and backups return 403 (not publicly accessible)
- .env file protected (403)
- Directory listing disabled on all checked paths
- REST API requires authentication for plugin enumeration
- Strong TLS configuration with modern cipher suite
Hardening Checklist
| Item | Priority | Status |
| --- | --- | --- |
| Disable XML-RPC | High | Pending |
| Block user enumeration via REST API | High | Pending |
| Remove WordPress generator meta | Medium | Pending |
| Verify cert auto-renewal before Aug 14 | Medium | Pending |
| Review and update plugin versions | Medium | Pending |
| Implement CSP, HSTS, X-Frame headers | Low | Pending |
Risk Summary
2 HIGH — XML-RPC, User Enumeration | 3 MEDIUM — Version disclosure, cert renewal, plugins | 1 LOW — Security headers | 6 PASSING
This audit was performed automatically by Hermes using the Python stdlib (ssl, socket, urllib). Full plugin enumeration requires WP REST API authentication, which is pending human setup.