If you always bypass security checks on your WordPress site, then most likely you will fall victim to a Cross-scripting attack. So many websites have fallen victim to such an attack, and the aftermath of it all is quite devastating.
What is XSS?
How do you guard your website from XSS attacks?
Prevention is always better than cure, which is why you should always run that security check, as an admin, when prompted. Web developers have been fighting XSS attacks for years, with a standard solution being the introduction of CSP.
CSP is also known as content security policies, and are protocols that act as a shield against any possible XSS or payload attack. However, it was recently discovered that attackers had discovered a loophole within this new system which they can exploit. CSP was find to be highly flexible as a protocol, which meant domains that loaded external scripts left behind code patterns. Attackers could pick up these patterns and use them to override CSP protection, eventually infecting a website with a XSS bug.
Google has a new solution
Google has been on the forefront of fighting XSS issues, as proven by their Vulnerability Reward program, and has revealed two new tools to mitigate the problem. These two solutions are, namely, CSP Evaluator and CSP Mitigator.
The CSP Evaluator acts as a diagnostic tool that reveals to web developers the new loopholes within the CSP protocols that can be exploited. CSP Mitigator on the other hand is a chrome extension that acts as the cleaning tool. It basically, reinforces the already existing content security policies, but this time fortifying the protocols with adequate security to successfully weed out XSS bugs.
It’s always a good idea to run security checks regularly on your WordPress to be on the safe side. However, if you do suspect you maybe the victim of an attack, Google offers these tools- CSP Evaluator and CSP Mitigator– to remediate the issue.