Making Adjustments to SSL Settings and FTP Permissions on Server (repost)
$30-5000 USD
Cancelled
Posted over 13 years ago
Paid on delivery
Hi there!
Attempting another project with you, one for a different client and I believe a lot easier. :) Enjoyed working with you thus far. My client is receiving security warnings from SecurityMetrics.com that they are not PCI compliant. My client's site is [login to view URL] and it's marked as NOT COMPLIANT with the PCI scan validation requirements on several different items. I believe it's a matter of adjusting SSL settings on the server or FTP permissions, but I'm unfamiliar with this territory and don't want to make adjustments blindly.
## Deliverables
Message from SecurityMetrics: "SecurityMetrics has determined that KATILADY EVENTS is NOT COMPLIANT with the PCI scan validation requirement for this computer. The computer **fails** because a risk of 4 or more was found."
I have updated WordPress... but it didn't seem to make a difference (I just did that yesterday and ran the test again afterward).
I can give you login info for the account so you can look at this more closely if you wish, if this is a job you are interested in.
Example violations:
"The remote web server contains several PHP scripts that are prone to SQL injection and cross-site scripting attacks. Description : According to its banner, the remote version of WordPress is vulnerable to various flaws which may allow an attacker to perform an HTML injection attack against the remote host or allow an attacker to execute arbitrary SQL statements against the remote database. See also : [[login to view URL] 84659][1] **Solution**: Upgrade to WordPress 1.2.2 or greater."
"Description: Microsoft IIS Authentication Method Disclosed Severity: Area of Concern CVE: [CVE-2002-0419][2] Impact: An attacker could determine which authentication scheme is required for confidential web pages. This can be used for brute force attacks against known User IDs. Background: Microsoft IIS web servers support Basic and NTLM authentication. Determination of which authentication is used by a server may help with further intelligent attacks against the server or brute force password attacks."