Allowed memory size (kleo framework.php)

PHP Version: 5.3.28
Zend Engine: 2.3.0
PHP Memory Limit: 128M
Memory Usage Sampling: 131,20 MB
Loaded Extensions: Show
PHP Include Path: /web/htdocs/www.inmarketing.it/home/wp-content/plugins/tpc-memory-usage/library:.:/php5.3/lib/php/
Maximum Upload: 25M

OS/Server: Linux webxc36s04.ad.aruba.it 2.6.32-431.23.3.el6.x86_64 #1 SMP Thu Jul 31 17:20:51 UTC 2014 x86_64
Load Averages:
Address: 62.149.142.131
Nome: http://www.inmarketing.it
Software: Apache/2.4.10 (Unix) mod_fcgid/2.3.9
Protocol: HTTP/1.1
Document Root: /web/htdocs/www.inmarketing.it/home/
Client IP: 79.12.14.239
Client Hostname: host239-14-dynamic.12-79-r.retail.telecomitalia.it
Client Port: 50379
Server Admin: postmaster@inmarketing.it
Server Port: 80
Server Signature: OFF

Database: Percona Server (GPL), Release 36.0, Revision 697
Versione: 5.5.39-36.0-log
Uptime: 6 days, 5 hours, 49 minutes, 35 seconds
Hostname: myxsql177.ad.aruba.it
DATE Format: %Y-%m-%d
DATETIME Format: %Y-%m-%d %H:%i:%s

WordPress Report

WordPress Version: 4.0
WordPress Memory Limit: 40M
WordPress DB Hostname: 62.149.150.187
WordPress Database Name: Sql656920_1
WordPress Language: it_IT
Auto-Save Interval: 60 seconds
Query Logging: No
Debugging: No
Advanced Caching: No
External Object Cache: No
Alternate Cron: No
Template Path: /web/htdocs/www.inmarketing.it/home/wp-content/themes/kleo
Stylesheet Path: /web/htdocs/www.inmarketing.it/home/wp-content/themes/kleo-child
Empty Trash Days: 30
JavaScript Compression: No
CSS Compression: No
GZip Compression: No
JavaScript Concatenation: No

Security Check Recommendation

allow_url_fopen
The allow_url_fopen directive is set to ON. It is recommended that you disable allow_url_fopen in the php.ini file for security reasons. This allows PHP file functions, such as include, require, and file_get_contents(), to retrieve data from remote locations (Example: FTP, web site). According to PHP Security Consortium, a large number of code injection vulnerabilities are caused by the combination of enabling allow_url_fopen, and bad input filtering.

allow_url_include
The allow_url_include directive is set to OFF. This disables remote file access via include and require. include and require are the most common attack points for code injection attempts.

display_errors
The display_errors setting in php.ini is set to ON. This means that PHP errors, and warnings are being displayed. Such warnings can cause sensitive information to be revealed to users (paths, database queries, etc.).

magic_quotes_gpc
Magic Quotes is set to OFF. This is the proper setting for any environment.

ModSecurity
Unable to determine if mod_security for Apache is installed. This can happen if a host uses a different name for the Apache module, or if the apache_get_modules() function is not available in your PHP installation. ModSecurity can help protect your server against SQL injections, XSS attacks, and a variety of other attacks. The Apache module is available for free at http://www.modsecurity.org.

open_basedir
The open_basedir directive is not set. open_basedir, set in php.ini, limits the PHP process from accessing files outside of the specified directories. It is strongly suggested that you set open_basedir to your web site documents and shared libraries only.

register_globals
The register_globals setting in php.ini is set to OFF.

safe_mode
The safe_mode setting in php.ini is set to OFF. While relying on this feature is architecturally incorrect because this should not be solved at the PHP level, many ISP’s still use safe mode in shared hosting situations due to limitations at the level the web server and OS.

ServerSignature
Apache’s ServerSignature directive is set to OFF. This prevents hackers from gaining information that could help them exploit vulnerabilities based on your specific server software version.

WP Unique Keys
The WordPress secret keys located in wp-config.php are defined. These help add an extra level of protection against hackers. The secret keys can be changed at any time to invalidate all existing cookies, which will also require users to login again.