- Please add SSL. Almost every website these days forces HTTPS, and it's easier than ever to get an SSL certificate. What's more, many programs and websites will default to https when a user types a domain without any prefix, which causes confusion when people click their link and receive a 401 error. By all means, use a free certificate from Let's Encrypt. It's so easy to install using the Python program Certbot, which you can install using APT on Debian and Ubuntu. They even have an additional program to automatically configure Apache and Nginx to enable SSL and configure your websites to use your new certificate.
- Upgrade PHP! Upon inspection, the version of PHP being used by the server is pretty out-dated. The longer this waits, the greater the chance some nefarious individual will get bored enough to launch an attack using one of the various vulnerabilities at their disposal.
Please set aside some time next month to do this. It's relatively easy, and terribly important. If I encounter any other potential vulnerabilities, I will try to be more discreet about it.
Much Love ♥,
Seathre