Find WordPress sites hosted by specific hosting provider

I’m looking to potentially upgrade my WordPress hosting to improve performance. I’ve read through How to find web hosting that meets my requirements?. However, before moving my site to a new provider, I’d like to "test" the hosts’ performance prior to signing up.

I know that it’s possible to lookup who hosts a particular domain, but are there any tricks to doing this in reverse? I.e., is it possible to look up what domains are using WordPress hosted by a particular hosting provider?

VPN provider asks to install RootCertificate. How is it safe?

I want to use VPN provider (ProtonVPN), and don’t want to use an app. They ask user to install their Root Ca. How safe is it? What type of info could they get from my laptop? If I have their certificate installed, does that means they can see and get all info from my browser, including passwords and https sites? And what about other non browser traffic? How safe is it? What are the risks?

Is possible to implement a Web Cryptography API custom provider?

I’m reading some basic info about Web Cryptography API and I’m wondering if is possible to implement some crypto provider (C/C++ library or something) with some extra algorithms or is mandatory to use the ones “embedded” with the web browser. I have finded articles about the security and tutorials about how to use it but nothing about custom implementation. I don’t know if it uses Operating System libraries or only web browser libraries, if should be used “as is”… Some reference or clarification is appreciated.

What kind of data can be monitored/intercepted/altered by the VPN service provider?

As you may know, Virtual Private Network or VPN is a system to create an encrypted tunnel between two computers on the internet, on one end is the VPN client, and on the other end is the VPN server. Everything the client does on the internet can be monitored by the VPN server, which will otherwise be monitored by the ISP and/or the government.

The question is, what kind of data can a VPN server log or monitor? Can the VPN service provider monitor or intercept the full length of the transmitted data, or are they able to do so for some part of it? Also, can they alter and re-transmit the data as it passes through the VPN server?

This question came to my mind after reading some articles warning about VPNs that log and sell user data to third parties. How do I know that the provider isn’t doing such thing?

How to rate a CVSS score for a vulnerability on an identity provider

I’m having difficulty to rate a CVSS for an Identity Provider. Imagine you have a vulnerability where you can bypass an authentication mecanisme.

How would you rate :

  • Confidentiality (C)
  • Integrity (I)
  • Availability (A)

as you don’t how with which system it will be connected ?

The scope is changing, but I can’t just asume the worst scenario, it will just raise the score unnecessarily.

PayDo – Your merchant provider for online business offer all-inclusive solutions for your business with inexpensive fees and maximum flexibility. Incorporating over 300 payment methods across 170 countries we allow your business to grow a huge demographic and widen the clasp of payment opportunity across your platform. This is further emboldened by the 4 settlement currencies and 200+ currencies we support. Here are some of our benefits:

  • Over 300 payment methods in 170 countries
  • 4 settlement…

PayDo – Your merchant provider for online business

How to make it harder for a VPS provider to access my data?

I know it is impossible to completely prevent a host from accessing the data of a virtual machine (as noted here, here and here), but I think there is value in making it harder to do so. Bare metal servers aren’t always an option, and they are much more expensive.

Here is the threat model I have in mind:

  • Buy a VPS from a fairly small company, maybe even one managed by a single person
  • Harden the VPS as much as reasonably possible
  • Rogue government entity demands all the server’s data
  • The company may not have the time, knowledge or resources to circumvent the hardening
  • The company provides only the encrypted data to the government entity

Of course, said government entity could simply demand direct access to the host machine, but even then, it may still require them a good amount of time to figure it out, by which point the VPS owner may have caught on to what’s happening and wiped it clean.

This leads me to my question. Given the typical steps a system administrator may take to obtain data from a virtual machine, what could one do to make this process harder?

Edit: Here is what I have done so far: encrypt the boot partition (GRUB bootloader supports encryption), encrypt the root partition, encrypt the home directory w/ unmounting on logout, use linux-hardened, disable USB via kernel parameters (I am unsure if this helps?)