I had to contact SecurityMetrics, but after they manually checked, they cleared it for me. Looks like most of these automated scans don’t correctly identify the WP install. Though I admit, it’s better that it incorrectly fail than incorrectly pass.
Yeah, I think it’s the scan company. My client’s pretty much stuck with them (their merchant provider supposedly insists on it). It’s annoying; I could just pull the blog to pass the scan and drop it back in after, but I don’t want to mess around with their PCI compliance.
It’s a standard install (no plugins, weird configs, etc.) but I do have a custom theme for them (no core file changes). I just want to make sure there’s nothing I did to trip these alerts.