2.2.17.5. Security Check

Choosing this option performs a security check on your EWE server, databases, and defined sites. The report resembles the following:

Possible messages are listed below.
General messages
Your version of PHP is not the latest. You should upgrade to the latest version. Your version is xxxxxx
This indicates that you do not have the latest version of PHP installed. For highest performance and best security, you should upgrade to the latest version of PHP.

PHP is set to use session IDs in URLs. You should set session.use_trans_sid to 0 in your php.ini file.
For sites that have user logins, this option should be set to 0 for best security.

PHP is not set to use only cookies. You should set the session.use_only_cookies to "on" in your php.ini file.
For sites that have user log-ins, this option should be set for best security.

PHP is not set to use strict mode. You should set the session.use_strict_mode to "on" in your php.ini file.
For sites that have user log-ins, this option should be set for best security.

$ewe_error_reporting is turned on. This should be set to FALSE in _ewe.php to prevent showing users potentially revealing information.
Leaving this variable set may make your site less secure.

Captcha is not enabled. Consider installing the EWECaptcha module.
If one or more of your sites allows registration, you should install the Captcha module to prevent bots from creating accounts.

Site-specific messages
Site doesn't use SSL: xxxxxx
For sites that have user-logins, this indicates that SSL is not set for the indicated site.

Site doesn't use two-stage registration: xxxxxx
The indicated site doesn't verify new registrations via email. This can allow fake users and/or invalid email addresses.

Users are allowed to use passwords that are in the exposed password list on site: Conroy Home
The indicated site doesn't check user passwords against the exposed password list. Not checking can allow users to use exposed passwords, which can make their accounts insecure.

Users are allowed to use passwords that are found in the dictionary on site: xxxxxx
For best account security, user passwords should be checked against real words. The indicated site doesn't do this.

Users are allowed unlimited login failures. Consider limiting this to prevent brute-force attacks on site: xxxxxx
The indicated site allows unlimited login failures. This can lead to brute force attacks against user accounts.

No consequences for exceeding login failure limit on site: Conroy Home
Although the indicated site has a login failure limit, there is no associated action to take. For high-security sites, the failure should result in the account being disabled.

Site's minimum password length is nnn; it should be a minimum of 6
The indicated site has the given minimum password length. For best security, this value should be at least 6.

Passwords don't require any uppercase characters. Consider making this at least 1 on xxxxxx
The indicated site doesn't require uppercase characters in user passwords. For best security, this should be at least 1.

Passwords don't require any lowercase characters. Consider making this at least 1 on xxxxxx
The indicated site doesn't require lowercase characters in user passwords. For best security, this should be at least 1.

Passwords don't require any digits. Consider making this at least 1 on xxxxxx
The indicated site doesn't require digits in user passwords. For best security, this should be at least 1.

Passwords don't require any special symbols. Consider making this at least 1 on xxxxxx
The indicated site doesn't require special characters in user passwords. For best security, this should be at least 1.

Users are allowed to use passwords that are in the exposed password list on xxxxxx
The indicated site checks passwords against the exposed password list, but doesn't require that the user choose a different password. For high-security sites, this should be disallowed.

Users are allowed to use passwords that are found in the dictionary on xxxxxx
The indicated site checks passwords against the dictionary list, but doesn't require that the user choose a different password. For high-security sites, this should be disallowed.
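As an added illustration of the site-specific checks above (not code from EWE), the following Python sketches both halves of the problem: auditing a site's settings to produce the report messages, and applying the same policy to a candidate password. The site dictionary, the key names in it, and the two word lists are constructed stand-ins, not EWE's real configuration.

```python
import re

# Constructed site settings and word lists (not from the page), chosen so that several messages fire.
SITE = {
    "name": "example-site", "uses_ssl": False,
    "max_login_failures": 5, "failure_action": None,  # a limit is set, but no consequence
    "min_password_length": 4, "min_uppercase": 0, "min_lowercase": 1,
    "min_digits": 1, "min_special": 0, "reject_exposed": False, "reject_dictionary": True,
}
EXPOSED, DICTIONARY = {"password1", "qwerty123"}, {"summer", "dragon"}  # stand-in word lists
CLASSES = [  # (site setting, character class, wording used in the report)
    ("min_uppercase", r"[A-Z]", "uppercase characters"),
    ("min_lowercase", r"[a-z]", "lowercase characters"),
    ("min_digits", r"[0-9]", "digits"),
    ("min_special", r"[^A-Za-z0-9]", "special symbols"),
]

def check_site(site):
    # Audit one site's settings and return the report messages that apply to it.
    name, msgs = site["name"], []
    if not site["uses_ssl"]:
        msgs.append(f"Site doesn't use SSL: {name}")
    if site["max_login_failures"] <= 0:
        msgs.append(f"Users are allowed unlimited login failures. Consider limiting this to prevent brute-force attacks on site: {name}")
    elif site["failure_action"] is None:
        msgs.append(f"No consequences for exceeding login failure limit on site: {name}")
    if site["min_password_length"] < 6:
        msgs.append(f"Site's minimum password length is {site['min_password_length']}, it should be a minimum of 6")
    for key, _, label in CLASSES:
        if site[key] < 1:
            msgs.append(f"Passwords don't require any {label}. Consider making this at least 1 on {name}")
    if not site["reject_exposed"]:
        msgs.append(f"Users are allowed to use passwords that are in the exposed password list on {name}")
    if not site["reject_dictionary"]:
        msgs.append(f"Users are allowed to use passwords that are found in the dictionary on {name}")
    return msgs

def password_violations(site, password):
    # Apply the site's policy to a candidate password; an empty list means it is accepted.
    problems = []
    if len(password) < site["min_password_length"]:
        problems.append("too short")
    for key, pattern, label in CLASSES:
        if len(re.findall(pattern, password)) < site[key]:
            problems.append(f"needs {site[key]} {label}")
    if site["reject_exposed"] and password.lower() in EXPOSED:
        problems.append("in exposed password list")
    if site["reject_dictionary"] and password.lower() in DICTIONARY:
        problems.append("dictionary word")
    return problems
```

With the constructed settings, `check_site(SITE)` yields six messages (SSL, no failure consequence, short minimum length, no uppercase or special requirement, exposed passwords allowed), while `password_violations(SITE, "dragon")` is rejected as a dictionary word lacking a digit.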

Database-specific messages
The default database has a password that matches an exposed password. You should change it.
The password for the default database matches a password in the exposed password list. This password should be changed.

The default database has a password that is in the dictionary. You should change it.
The password for the default database matches a word in the dictionary. This password should be changed.

The database set named xxxxxx has a password that matches an exposed password. You should change it.
The password for the indicated database set matches a password in the exposed password list. This password should be changed.

The database set named xxxxxx has a password that is in the dictionary. You should change it.
The password for the indicated database set matches a word in the dictionary. This password should be changed.