Jurnal JTIK (Jurnal Teknologi Informasi dan Komunikasi)
Vol 9 No 3 (2025): JULY-SEPTEMBER 2025

Security Analysis of WordPress-Based Websites through Penetration Testing to Improve Digital Security

Putra, Bagus Setya (Unknown)
Santoso, Dwi Budi (Unknown)



Article Info

Publish Date
24 Mar 2025

Abstract

The development of information technology has made the security and integrity of digital information exchange on websites extremely important. Many websites use a Content Management System (CMS) such as WordPress. This research aims to conduct penetration testing on the WordPress-based website teknoblog.top using the Penetration Testing Execution Standard (PTES) method and to provide recommendations for remediating the vulnerabilities found. Scanning teknoblog.top with the WPScan tool produced 6 informational findings, none of which indicate vulnerabilities. OWASP ZAP, meanwhile, reported a total of 3 medium-level alerts, 5 low-level alerts, and 6 informational alerts. The vulnerability successfully exploited in this research was the Missing Anti-clickjacking Header, rated medium severity. This finding was confirmed using the BurpSuite Scanner tool. The vulnerability was caused by the website not properly configuring the security header. To verify the accuracy of the Missing Anti-clickjacking Header finding from the OWASP ZAP scan, exploitation was carried out manually using a simple HTML script and through the clickjacker.io website. It is important to address this issue to prevent web pages from being loaded in iframes on other websites. The recommended fix for this vulnerability is the addition of the X-Frame-Options header to protect the website from clickjacking attacks.
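To check whether the recommended fix is in place, the following added example (not code from the paper) classifies a response's headers the way current browsers treat them for framing. The function names and the sample headers are constructed for illustration. It also covers the CSP `frame-ancestors` directive, which the abstract does not mention but which browsers apply in preference to X-Frame-Options.

```python
def parse_frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_protection(headers):
    """Classify anti-clickjacking headers. Returns (protected, reason)."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive

    # An enforced CSP with frame-ancestors takes precedence over X-Frame-Options.
    # Content-Security-Policy-Report-Only is not consulted: it does not block framing.
    ancestors = parse_frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        if "*" in ancestors:  # only the bare wildcard is flagged in this example
            return False, "frame-ancestors allows any origin"
        return True, "frame-ancestors " + (" ".join(ancestors) or "'none'")

    # Repeated X-Frame-Options headers arrive comma-joined; compare as a set.
    values = {v.strip().lower() for v in h.get("x-frame-options", "").split(",")
              if v.strip()}
    if "deny" in values or len(values) > 1:
        return True, "x-frame-options deny"  # conflicting values are treated as deny
    if values == {"sameorigin"}:
        return True, "x-frame-options sameorigin"
    if values:
        # e.g. the obsolete ALLOW-FROM, which current browsers do not honour
        return False, "x-frame-options value not honoured: " + values.pop()
    return False, "no x-frame-options or frame-ancestors"


if __name__ == "__main__":
    # Constructed sample responses, not captured from any real site.
    samples = [
        {"Content-Type": "text/html"},
        {"X-Frame-Options": "SAMEORIGIN"},
        {"x-frame-options": "ALLOW-FROM https://example.test"},
        {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    ]
    for s in samples:
        print(framing_protection(s), s)
```
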

Copyrights © 2025






Journal Info

Abbrev

jtik

Publisher

Subject

Computer Science & IT; Control & Systems Engineering; Decision Sciences, Operations Research & Management

Description

Jurnal JTIK (Jurnal Teknologi Informasi dan Komunikasi), e-ISSN: 2580-1643 is a free and open-access journal published by the Research Division, KITA Institute, Indonesia. JTIK Journal provides media to publish scientific articles from scholars and experts around the world related to Hardware ...